cluster/services/hercules-ci-multi-agent: init

obsoletes modules/hercules-ci-agent

Hercules CI orgs:
- private-void
- nixpak
Max Headroom 2022-11-23 16:24:04 +01:00
parent 93b7118de9
commit 1423a45b3a
15 changed files with 102 additions and 44 deletions


@ -0,0 +1,56 @@
{ config, inputs, lib, pkgs, ... }:
let
mapAgents = lib.flip lib.mapAttrs config.services.hercules-ci-agents;
#lib.foldl' (a: b: a // b) {} (lib.attrValues (lib.mapAttrs (basename: basevalue: lib.mapAttrs' (n: v: lib.nameValuePair "${n}-${basename}" v) basevalue) x));
mergeMap = f: let
outputs = mapAgents f;
in lib.pipe outputs [
(lib.mapAttrs (basename: basevalue:
lib.mapAttrs' (n: v:
lib.nameValuePair "${n}-${basename}" v
) basevalue
))
lib.attrValues
(lib.foldl' (a: b: a // b) {})
];
in
{
imports = [
inputs.hercules-ci-agent.nixosModules.multi-agent-service
];
age.secrets = mergeMap (name: _: {
hci-token = {
file = ./secrets + "/hci-token-${name}-${config.networking.hostName}.age";
owner = "hci-${name}";
group = "hci-${name}";
};
hci-cache-credentials = {
file = ./secrets + "/hci-cache-credentials-${config.networking.hostName}.age";
owner = "hci-${name}";
group = "hci-${name}";
};
hci-cache-config = {
file = ./secrets/hci-cache-config.age;
owner = "hci-${name}";
group = "hci-${name}";
};
});
services.hercules-ci-agents.private-void = {
settings = {
clusterJoinTokenPath = config.age.secrets.hci-token-private-void.path;
binaryCachesPath = config.age.secrets.hci-cache-config-private-void.path;
};
};
systemd.services = mergeMap (name: _: {
hercules-ci-agent = {
# hercules-ci-agent-restarter should take care of this
restartIfChanged = false;
environment = {
AWS_SHARED_CREDENTIALS_FILE = config.age.secrets."hci-cache-credentials-${name}".path;
};
};
});
}
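Review bot: The `services.hercules-ci-agents.private-void` block near the end of this module looks like a leftover: everything else here is derived from `config.services.hercules-ci-agents` through `mergeMap`, and the same two settings are declared again in the private-void org file later in this commit. If this is the `./common.nix` that the service definition lists under both orgs (file names are not visible on this page, so that is inferred), importing it for nixpak would also declare a private-void agent and reference `config.age.secrets.hci-token-private-void`, whose `.age` file is only keyed for VEGAS and prophet; dropping the block keeps the module org-agnostic. Separately, `hci-cache-credentials` is keyed by host name only, so every org's `hci-${name}` user on a host decrypts the same AWS credentials file through `AWS_SHARED_CREDENTIALS_FILE`, while the join tokens are per org. If the two orgs are not meant to share cache access, a per-org file such as `"/hci-cache-credentials-${name}-${config.networking.hostName}.age"` would mirror the token naming; otherwise a comment stating that the sharing is intentional would help.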


@ -0,0 +1,20 @@
{ config, lib, tools, ... }:
{
services.hercules-ci-multi-agent = {
nodes = {
private-void = [ "VEGAS" "prophet" ];
nixpak = [ "VEGAS" ];
};
nixos = {
private-void = [
./common.nix
./orgs/private-void.nix
];
nixpak = [
./common.nix
./orgs/nixpak.nix
];
};
};
}
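Review bot: None of the module arguments `config`, `lib` and `tools` is used in this file, and the two org modules that follow take `inputs` and `pkgs` without using them either; `{ ... }:` (or only the names actually referenced) would make it clearer what each file depends on. A short comment above `nodes` and `nixos` would also help, saying that the first maps each Hercules CI org to the hosts running its agent and the second to the NixOS modules applied for that org. That reading is inferred from the values here, since the option definitions are not part of the visible changes.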


@ -0,0 +1,10 @@
{ config, inputs, pkgs, ... }:
{
services.hercules-ci-agents.nixpak = {
settings = {
clusterJoinTokenPath = config.age.secrets.hci-token-nixpak.path;
binaryCachesPath = config.age.secrets.hci-cache-config-nixpak.path;
};
};
}


@ -0,0 +1,10 @@
{ config, inputs, pkgs, ... }:
{
services.hercules-ci-agents.private-void = {
settings = {
clusterJoinTokenPath = config.age.secrets.hci-token-private-void.path;
binaryCachesPath = config.age.secrets.hci-cache-config-private-void.path;
};
};
}


@ -37,7 +37,6 @@
./services/warehouse
./services/websites
./services/wireguard-server
aspect.modules.hercules-ci-agent
aspect.modules.hyprspace
aspect.modules.nix-builder
]


@ -11,7 +11,6 @@
./services/cdn-shield
./services/meet
./services/reflex
aspect.modules.hercules-ci-agent
aspect.modules.hyprspace
aspect.modules.nix-builder
aspect.modules.sss


@ -6,7 +6,6 @@ let
deploy-rs-receiver = import ./deploy-rs-receiver;
enterprise = import ./enterprise;
fail2ban = import ./fail2ban;
hercules-ci-agent = import ./hercules-ci-agent;
hydra = import ./hydra;
hyprspace = import ./hyprspace;
ipfs = import ./ipfs;


@ -1,36 +0,0 @@
{ config, inputs, pkgs, ... }:
{
age.secrets = {
hci-token = {
file = ../../secrets + "/hci-token-${config.networking.hostName}.age";
owner = "hercules-ci-agent";
group = "hercules-ci-agent";
};
hci-cache-credentials = {
file = ../../secrets + "/hci-cache-credentials-${config.networking.hostName}.age";
owner = "hercules-ci-agent";
group = "hercules-ci-agent";
};
hci-cache-config = {
file = ../../secrets/hci-cache-config.age;
owner = "hercules-ci-agent";
group = "hercules-ci-agent";
};
};
services.hercules-ci-agent = {
enable = true;
package = inputs.hercules-ci-agent.packages.${pkgs.system}.hercules-ci-agent;
settings = {
clusterJoinTokenPath = config.age.secrets.hci-token.path;
binaryCachesPath = config.age.secrets.hci-cache-config.path;
};
};
systemd.services.hercules-ci-agent = {
# hercules-ci-agent-restarter should take care of this
restartIfChanged = false;
environment = {
AWS_SHARED_CREDENTIALS_FILE = config.age.secrets.hci-cache-credentials.path;
};
};
}


@ -9,6 +9,12 @@ in with hosts;
"cluster/services/dns/pdns-admin-secret.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"cluster/services/dns/pdns-api-key.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
"cluster/services/dns/pdns-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
"cluster/services/hercules-ci-multi-agent/secrets/hci-cache-config.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
"cluster/services/hercules-ci-multi-agent/secrets/hci-cache-credentials-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
"cluster/services/hercules-ci-multi-agent/secrets/hci-cache-credentials-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"cluster/services/hercules-ci-multi-agent/secrets/hci-token-nixpak-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"cluster/services/hercules-ci-multi-agent/secrets/hci-token-private-void-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
"cluster/services/hercules-ci-multi-agent/secrets/hci-token-private-void-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"cluster/services/ipfs/cluster-secret.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
"cluster/services/ipfs/cluster-pinsvc-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
"cluster/services/irc/irc-peer-key.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
@ -27,11 +33,6 @@ in with hosts;
"secrets/gitlab-secret-otp.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/gitlab-secret-secret.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/grafana-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/hci-cache-config.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
"secrets/hci-cache-credentials-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
"secrets/hci-cache-credentials-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/hci-token-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
"secrets/hci-token-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/hydra-bincache.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/hydra-builder-key.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/hydra-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];