cluster/services/hercules-ci-multi-agent: init
obsoletes modules/hercules-ci-agent

Hercules CI orgs:
- private-void
- nixpak
parent
93b7118de9
commit
1423a45b3a
15 changed files with 102 additions and 44 deletions
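--- a/cluster/services/hercules-ci-multi-agent/common.nix
+++ b/cluster/services/hercules-ci-multi-agent/common.nix
@@ -0,0 +1,56 @@
+{ config, inputs, lib, pkgs, ... }:
+
+let
+mapAgents = lib.flip lib.mapAttrs config.services.hercules-ci-agents;
+
+#lib.foldl' (a: b: a // b) {} (lib.attrValues (lib.mapAttrs (basename: basevalue: lib.mapAttrs' (n: v: lib.nameValuePair "${n}-${basename}" v) basevalue) x));
+mergeMap = f: let
+outputs = mapAgents f;
+in lib.pipe outputs [
+(lib.mapAttrs (basename: basevalue:
+lib.mapAttrs' (n: v:
+lib.nameValuePair "${n}-${basename}" v
+) basevalue
+))
+lib.attrValues
+(lib.foldl' (a: b: a // b) {})
+];
+in
+{
+imports = [
+inputs.hercules-ci-agent.nixosModules.multi-agent-service
+];
+
+age.secrets = mergeMap (name: _: {
+hci-token = {
+file = ./secrets + "/hci-token-${name}-${config.networking.hostName}.age";
+owner = "hci-${name}";
+group = "hci-${name}";
+};
+hci-cache-credentials = {
+file = ./secrets + "/hci-cache-credentials-${config.networking.hostName}.age";
+owner = "hci-${name}";
+group = "hci-${name}";
+};
+hci-cache-config = {
+file = ./secrets/hci-cache-config.age;
+owner = "hci-${name}";
+group = "hci-${name}";
+};
+});
+services.hercules-ci-agents.private-void = {
+settings = {
+clusterJoinTokenPath = config.age.secrets.hci-token-private-void.path;
+binaryCachesPath = config.age.secrets.hci-cache-config-private-void.path;
+};
+};
+systemd.services = mergeMap (name: _: {
+hercules-ci-agent = {
+# hercules-ci-agent-restarter should take care of this
+restartIfChanged = false;
+environment = {
+AWS_SHARED_CREDENTIALS_FILE = config.age.secrets."hci-cache-credentials-${name}".path;
+};
+};
+});
+}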
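Review bot: The `services.hercules-ci-agents.private-void` block near the end of common.nix looks like a leftover: the same two settings are defined in orgs/private-void.nix, and common.nix is also in the nixpak module list in default.nix. Since `mapAgents` iterates over every attribute of `config.services.hercules-ci-agents`, any configuration that imports common.nix declares a private-void agent and a `hci-token-private-void-<hostname>` secret, even one meant to serve only nixpak; how the multi-agent service merges the per-org lists is not visible here, so the practical effect is inferred. I would remove that block from common.nix and keep org-specific settings under `orgs/`. The commented-out one-line `lib.foldl'` variant above `mergeMap` could be replaced by a short comment such as `# flatten { agent = { name = v; }; } into { "name-agent" = v; }`.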
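--- a/cluster/services/hercules-ci-multi-agent/default.nix
+++ b/cluster/services/hercules-ci-multi-agent/default.nix
@@ -0,0 +1,20 @@
+{ config, lib, tools, ... }:
+
+{
+services.hercules-ci-multi-agent = {
+nodes = {
+private-void = [ "VEGAS" "prophet" ];
+nixpak = [ "VEGAS" ];
+};
+nixos = {
+private-void = [
+./common.nix
+./orgs/private-void.nix
+];
+nixpak = [
+./common.nix
+./orgs/nixpak.nix
+];
+};
+};
+}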
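--- a/cluster/services/hercules-ci-multi-agent/orgs/nixpak.nix
+++ b/cluster/services/hercules-ci-multi-agent/orgs/nixpak.nix
@@ -0,0 +1,10 @@
+{ config, inputs, pkgs, ... }:
+
+{
+services.hercules-ci-agents.nixpak = {
+settings = {
+clusterJoinTokenPath = config.age.secrets.hci-token-nixpak.path;
+binaryCachesPath = config.age.secrets.hci-cache-config-nixpak.path;
+};
+};
+}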
|
@ -0,0 +1,10 @@
|
||||||
|
{ config, inputs, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
services.hercules-ci-agents.private-void = {
|
||||||
|
settings = {
|
||||||
|
clusterJoinTokenPath = config.age.secrets.hci-token-private-void.path;
|
||||||
|
binaryCachesPath = config.age.secrets.hci-cache-config-private-void.path;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
Binary file not shown.
|
@ -37,7 +37,6 @@
|
||||||
./services/warehouse
|
./services/warehouse
|
||||||
./services/websites
|
./services/websites
|
||||||
./services/wireguard-server
|
./services/wireguard-server
|
||||||
aspect.modules.hercules-ci-agent
|
|
||||||
aspect.modules.hyprspace
|
aspect.modules.hyprspace
|
||||||
aspect.modules.nix-builder
|
aspect.modules.nix-builder
|
||||||
]
|
]
|
||||||
|
|
|
@ -11,7 +11,6 @@
|
||||||
./services/cdn-shield
|
./services/cdn-shield
|
||||||
./services/meet
|
./services/meet
|
||||||
./services/reflex
|
./services/reflex
|
||||||
aspect.modules.hercules-ci-agent
|
|
||||||
aspect.modules.hyprspace
|
aspect.modules.hyprspace
|
||||||
aspect.modules.nix-builder
|
aspect.modules.nix-builder
|
||||||
aspect.modules.sss
|
aspect.modules.sss
|
||||||
|
|
|
@ -6,7 +6,6 @@ let
|
||||||
deploy-rs-receiver = import ./deploy-rs-receiver;
|
deploy-rs-receiver = import ./deploy-rs-receiver;
|
||||||
enterprise = import ./enterprise;
|
enterprise = import ./enterprise;
|
||||||
fail2ban = import ./fail2ban;
|
fail2ban = import ./fail2ban;
|
||||||
hercules-ci-agent = import ./hercules-ci-agent;
|
|
||||||
hydra = import ./hydra;
|
hydra = import ./hydra;
|
||||||
hyprspace = import ./hyprspace;
|
hyprspace = import ./hyprspace;
|
||||||
ipfs = import ./ipfs;
|
ipfs = import ./ipfs;
|
||||||
|
|
|
@ -1,36 +0,0 @@
|
||||||
{ config, inputs, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
age.secrets = {
|
|
||||||
hci-token = {
|
|
||||||
file = ../../secrets + "/hci-token-${config.networking.hostName}.age";
|
|
||||||
owner = "hercules-ci-agent";
|
|
||||||
group = "hercules-ci-agent";
|
|
||||||
};
|
|
||||||
hci-cache-credentials = {
|
|
||||||
file = ../../secrets + "/hci-cache-credentials-${config.networking.hostName}.age";
|
|
||||||
owner = "hercules-ci-agent";
|
|
||||||
group = "hercules-ci-agent";
|
|
||||||
};
|
|
||||||
hci-cache-config = {
|
|
||||||
file = ../../secrets/hci-cache-config.age;
|
|
||||||
owner = "hercules-ci-agent";
|
|
||||||
group = "hercules-ci-agent";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
services.hercules-ci-agent = {
|
|
||||||
enable = true;
|
|
||||||
package = inputs.hercules-ci-agent.packages.${pkgs.system}.hercules-ci-agent;
|
|
||||||
settings = {
|
|
||||||
clusterJoinTokenPath = config.age.secrets.hci-token.path;
|
|
||||||
binaryCachesPath = config.age.secrets.hci-cache-config.path;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
systemd.services.hercules-ci-agent = {
|
|
||||||
# hercules-ci-agent-restarter should take care of this
|
|
||||||
restartIfChanged = false;
|
|
||||||
environment = {
|
|
||||||
AWS_SHARED_CREDENTIALS_FILE = config.age.secrets.hci-cache-credentials.path;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
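--- a/secrets.nix
+++ b/secrets.nix
@@ -9,6 +9,12 @@ in with hosts;
 "cluster/services/dns/pdns-admin-secret.age".publicKeys = max ++ map systemKeys [ VEGAS ];
 "cluster/services/dns/pdns-api-key.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
 "cluster/services/dns/pdns-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
+"cluster/services/hercules-ci-multi-agent/secrets/hci-cache-config.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
+"cluster/services/hercules-ci-multi-agent/secrets/hci-cache-credentials-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
+"cluster/services/hercules-ci-multi-agent/secrets/hci-cache-credentials-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
+"cluster/services/hercules-ci-multi-agent/secrets/hci-token-nixpak-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
+"cluster/services/hercules-ci-multi-agent/secrets/hci-token-private-void-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
+"cluster/services/hercules-ci-multi-agent/secrets/hci-token-private-void-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
 "cluster/services/ipfs/cluster-secret.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
 "cluster/services/ipfs/cluster-pinsvc-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
 "cluster/services/irc/irc-peer-key.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
@@ -27,11 +33,6 @@ in with hosts;
 "secrets/gitlab-secret-otp.age".publicKeys = max ++ map systemKeys [ VEGAS ];
 "secrets/gitlab-secret-secret.age".publicKeys = max ++ map systemKeys [ VEGAS ];
 "secrets/grafana-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
-"secrets/hci-cache-config.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
-"secrets/hci-cache-credentials-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
-"secrets/hci-cache-credentials-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
-"secrets/hci-token-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
-"secrets/hci-token-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
 "secrets/hydra-bincache.age".publicKeys = max ++ map systemKeys [ VEGAS ];
 "secrets/hydra-builder-key.age".publicKeys = max ++ map systemKeys [ VEGAS ];
 "secrets/hydra-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];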
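Review bot: The join tokens are now scoped per org and host, but `hci-cache-credentials-<host>.age` and `hci-cache-config.age` are still scoped per host only, so both org agents on VEGAS receive the same binary-cache credentials. In common.nix each agent gets its own decrypted copy of that one file, owned by `hci-<org>` and exported through `AWS_SHARED_CREDENTIALS_FILE`, so anything running as either agent user can read credentials that also cover the other org's cache. Whether private-void and nixpak are meant to share a cache trust domain is not stated in the commit. If they are not, scope the credential per org, e.g. `file = ./secrets + "/hci-cache-credentials-${name}-${config.networking.hostName}.age";` with matching entries here (the file name is a proposal, not an existing path); if the sharing is deliberate, a comment next to these entries saying so would help the next reader.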