cluster/services/hercules-ci-multi-agent: init
obsoletes modules/hercules-ci-agent Hercules CI orgs: - private-void - nixpak
parent
93b7118de9
commit
1423a45b3a
15 changed files with 102 additions and 44 deletions
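--- a/cluster/services/hercules-ci-multi-agent/common.nix
+++ b/cluster/services/hercules-ci-multi-agent/common.nix
@@ -0,0 +1,56 @@
+{ config, inputs, lib, pkgs, ... }:
+
+let
+mapAgents = lib.flip lib.mapAttrs config.services.hercules-ci-agents;
+
+#lib.foldl' (a: b: a // b) {} (lib.attrValues (lib.mapAttrs (basename: basevalue: lib.mapAttrs' (n: v: lib.nameValuePair "${n}-${basename}" v) basevalue) x));
+mergeMap = f: let
+outputs = mapAgents f;
+in lib.pipe outputs [
+(lib.mapAttrs (basename: basevalue:
+lib.mapAttrs' (n: v:
+lib.nameValuePair "${n}-${basename}" v
+) basevalue
+))
+lib.attrValues
+(lib.foldl' (a: b: a // b) {})
+];
+in
+{
+imports = [
+inputs.hercules-ci-agent.nixosModules.multi-agent-service
+];
+
+age.secrets = mergeMap (name: _: {
+hci-token = {
+file = ./secrets + "/hci-token-${name}-${config.networking.hostName}.age";
+owner = "hci-${name}";
+group = "hci-${name}";
+};
+hci-cache-credentials = {
+file = ./secrets + "/hci-cache-credentials-${config.networking.hostName}.age";
+owner = "hci-${name}";
+group = "hci-${name}";
+};
+hci-cache-config = {
+file = ./secrets/hci-cache-config.age;
+owner = "hci-${name}";
+group = "hci-${name}";
+};
+});
+services.hercules-ci-agents.private-void = {
+settings = {
+clusterJoinTokenPath = config.age.secrets.hci-token-private-void.path;
+binaryCachesPath = config.age.secrets.hci-cache-config-private-void.path;
+};
+};
+systemd.services = mergeMap (name: _: {
+hercules-ci-agent = {
+# hercules-ci-agent-restarter should take care of this
+restartIfChanged = false;
+environment = {
+AWS_SHARED_CREDENTIALS_FILE = config.age.secrets."hci-cache-credentials-${name}".path;
+};
+};
+});
+}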
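Review bot: The `hci-cache-credentials` secret in common.nix is selected by host name only (`"/hci-cache-credentials-${config.networking.hostName}.age"`), so every agent on a host receives the same file as its `AWS_SHARED_CREDENTIALS_FILE`, while the join tokens are split per organisation. If those credentials allow writes to the binary cache, a build running for one organisation could push store paths that the other organisation's agent later substitutes. Per-organisation credentials would keep the two isolated, e.g. `file = ./secrets + "/hci-cache-credentials-${name}-${config.networking.hostName}.age";` with matching recipient entries in secrets.nix. Separately, the `services.hercules-ci-agents.private-void` block here looks like a leftover: default.nix lists common.nix for both organisations, and the same two settings are repeated in the private-void section later in this commit, so it can probably be dropped.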
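--- a/cluster/services/hercules-ci-multi-agent/default.nix
+++ b/cluster/services/hercules-ci-multi-agent/default.nix
@@ -0,0 +1,20 @@
+{ config, lib, tools, ... }:
+
+{
+services.hercules-ci-multi-agent = {
+nodes = {
+private-void = [ "VEGAS" "prophet" ];
+nixpak = [ "VEGAS" ];
+};
+nixos = {
+private-void = [
+./common.nix
+./orgs/private-void.nix
+];
+nixpak = [
+./common.nix
+./orgs/nixpak.nix
+];
+};
+};
+}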
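--- a/cluster/services/hercules-ci-multi-agent/orgs/nixpak.nix
+++ b/cluster/services/hercules-ci-multi-agent/orgs/nixpak.nix
@@ -0,0 +1,10 @@
+{ config, inputs, pkgs, ... }:
+
+{
+services.hercules-ci-agents.nixpak = {
+settings = {
+clusterJoinTokenPath = config.age.secrets.hci-token-nixpak.path;
+binaryCachesPath = config.age.secrets.hci-cache-config-nixpak.path;
+};
+};
+}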
|
@ -0,0 +1,10 @@
|
|||
{ config, inputs, pkgs, ... }:
|
||||
|
||||
{
|
||||
services.hercules-ci-agents.private-void = {
|
||||
settings = {
|
||||
clusterJoinTokenPath = config.age.secrets.hci-token-private-void.path;
|
||||
binaryCachesPath = config.age.secrets.hci-cache-config-private-void.path;
|
||||
};
|
||||
};
|
||||
}
|
Binary file not shown.
|
@ -37,7 +37,6 @@
|
|||
./services/warehouse
|
||||
./services/websites
|
||||
./services/wireguard-server
|
||||
aspect.modules.hercules-ci-agent
|
||||
aspect.modules.hyprspace
|
||||
aspect.modules.nix-builder
|
||||
]
|
||||
|
|
|
@ -11,7 +11,6 @@
|
|||
./services/cdn-shield
|
||||
./services/meet
|
||||
./services/reflex
|
||||
aspect.modules.hercules-ci-agent
|
||||
aspect.modules.hyprspace
|
||||
aspect.modules.nix-builder
|
||||
aspect.modules.sss
|
||||
|
|
|
@ -6,7 +6,6 @@ let
|
|||
deploy-rs-receiver = import ./deploy-rs-receiver;
|
||||
enterprise = import ./enterprise;
|
||||
fail2ban = import ./fail2ban;
|
||||
hercules-ci-agent = import ./hercules-ci-agent;
|
||||
hydra = import ./hydra;
|
||||
hyprspace = import ./hyprspace;
|
||||
ipfs = import ./ipfs;
|
||||
|
|
|
@ -1,36 +0,0 @@
|
|||
{ config, inputs, pkgs, ... }:
|
||||
|
||||
{
|
||||
age.secrets = {
|
||||
hci-token = {
|
||||
file = ../../secrets + "/hci-token-${config.networking.hostName}.age";
|
||||
owner = "hercules-ci-agent";
|
||||
group = "hercules-ci-agent";
|
||||
};
|
||||
hci-cache-credentials = {
|
||||
file = ../../secrets + "/hci-cache-credentials-${config.networking.hostName}.age";
|
||||
owner = "hercules-ci-agent";
|
||||
group = "hercules-ci-agent";
|
||||
};
|
||||
hci-cache-config = {
|
||||
file = ../../secrets/hci-cache-config.age;
|
||||
owner = "hercules-ci-agent";
|
||||
group = "hercules-ci-agent";
|
||||
};
|
||||
};
|
||||
services.hercules-ci-agent = {
|
||||
enable = true;
|
||||
package = inputs.hercules-ci-agent.packages.${pkgs.system}.hercules-ci-agent;
|
||||
settings = {
|
||||
clusterJoinTokenPath = config.age.secrets.hci-token.path;
|
||||
binaryCachesPath = config.age.secrets.hci-cache-config.path;
|
||||
};
|
||||
};
|
||||
systemd.services.hercules-ci-agent = {
|
||||
# hercules-ci-agent-restarter should take care of this
|
||||
restartIfChanged = false;
|
||||
environment = {
|
||||
AWS_SHARED_CREDENTIALS_FILE = config.age.secrets.hci-cache-credentials.path;
|
||||
};
|
||||
};
|
||||
}
|
11
secrets.nix
11
secrets.nix
|
@ -9,6 +9,12 @@ in with hosts;
|
|||
"cluster/services/dns/pdns-admin-secret.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||
"cluster/services/dns/pdns-api-key.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
|
||||
"cluster/services/dns/pdns-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
|
||||
"cluster/services/hercules-ci-multi-agent/secrets/hci-cache-config.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
|
||||
"cluster/services/hercules-ci-multi-agent/secrets/hci-cache-credentials-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
|
||||
"cluster/services/hercules-ci-multi-agent/secrets/hci-cache-credentials-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||
"cluster/services/hercules-ci-multi-agent/secrets/hci-token-nixpak-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||
"cluster/services/hercules-ci-multi-agent/secrets/hci-token-private-void-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
|
||||
"cluster/services/hercules-ci-multi-agent/secrets/hci-token-private-void-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||
"cluster/services/ipfs/cluster-secret.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
|
||||
"cluster/services/ipfs/cluster-pinsvc-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
|
||||
"cluster/services/irc/irc-peer-key.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
|
||||
|
@ -27,11 +33,6 @@ in with hosts;
|
|||
"secrets/gitlab-secret-otp.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||
"secrets/gitlab-secret-secret.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||
"secrets/grafana-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||
"secrets/hci-cache-config.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
|
||||
"secrets/hci-cache-credentials-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
|
||||
"secrets/hci-cache-credentials-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||
"secrets/hci-token-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
|
||||
"secrets/hci-token-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||
"secrets/hydra-bincache.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||
"secrets/hydra-builder-key.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||
"secrets/hydra-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||
|
|