modules/hercules-ci-agent: init
This commit is contained in:
parent
95c49cdfe9
commit
d534b03b48
4 changed files with 48 additions and 0 deletions
|
@ -6,6 +6,7 @@ let
|
|||
deploy-rs-receiver = import ./deploy-rs-receiver;
|
||||
enterprise = import ./enterprise;
|
||||
fail2ban = import ./fail2ban;
|
||||
hercules-ci-agent = import ./hercules-ci-agent;
|
||||
hydra = import ./hydra;
|
||||
hyprspace = import ./hyprspace;
|
||||
ipfs = import ./ipfs;
|
||||
|
|
32
modules/hercules-ci-agent/default.nix
Normal file
32
modules/hercules-ci-agent/default.nix
Normal file
|
@ -0,0 +1,32 @@
|
|||
{ config, inputs, pkgs, ... }:
|
||||
|
||||
{
|
||||
age.secrets = {
|
||||
hci-token = {
|
||||
file = ../../secrets + "/hci-token-${config.networking.hostName}.age";
|
||||
owner = "hercules-ci-agent";
|
||||
group = "hercules-ci-agent";
|
||||
};
|
||||
hci-cache-credentials = {
|
||||
file = ../../secrets + "/hci-cache-credentials-${config.networking.hostName}.age";
|
||||
owner = "hercules-ci-agent";
|
||||
group = "hercules-ci-agent";
|
||||
};
|
||||
hci-cache-config = {
|
||||
file = ../../secrets/hci-cache-config.age;
|
||||
owner = "hercules-ci-agent";
|
||||
group = "hercules-ci-agent";
|
||||
};
|
||||
};
|
||||
services.hercules-ci-agent = {
|
||||
enable = true;
|
||||
package = inputs.hercules-ci-agent.packages.${pkgs.system}.hercules-ci-agent;
|
||||
settings = {
|
||||
clusterJoinTokenPath = config.age.secrets.hci-token.path;
|
||||
binaryCachesPath = config.age.secrets.hci-cache-config.path;
|
||||
};
|
||||
};
|
||||
systemd.services.hercules-ci-agent.environment = {
|
||||
AWS_SHARED_CREDENTIALS_FILE = config.age.secrets.hci-cache-credentials.path;
|
||||
};
|
||||
}
|
14
secrets/hci-cache-config.age
Normal file
14
secrets/hci-cache-config.age
Normal file
|
@ -0,0 +1,14 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 NO562A WYzF2ZFfOMtanfe2hrHbxdrD79OXzG3aftvL7hXXtgQ
|
||||
IdI90ltsRS7dnKWwd2NFGarxWoq2ZyAHAXD/PE+hos0
|
||||
-> ssh-ed25519 5/zT0w /oRzWWJ4Ek2PKrUh0X+g19xtKvT/46VzDWVCK3l6V3E
|
||||
y8/oLo1/7tns6aTyHCcac+m2uO5wG608OJJnT2osfN0
|
||||
-> ssh-ed25519 d3WGuA 11ZtvytvpquN31t8NZqFg+cd/lGeyt+G21wTXfbJpic
|
||||
cdDo/FJXqM0xCj7w68/lCWDX8X6/9M2ZHTF2hIH9wsU
|
||||
-> ssh-ed25519 6YMlxg 0+kDc0xKGGOgEl5gTRpsI9U/jrnTtPSHO7WbeQtwL2U
|
||||
h10PtmTIQOyc9g4t14qpIUKYh1LEwYUltlZ/nCiL5Bc
|
||||
-> .KZ[r"d-grease JI`!M Qx1ik
|
||||
lZL73EclhxOHMnbkVQyokAaQX/qjbdaBtihyJXK2b3czG/pLXR+G1KEFPDt6OZT0
|
||||
7w3AEdYErKh03XSJor8uoJcVVgI2
|
||||
--- eSTM+R072k2rB4zBXpV6y5dcB6QPugVrA09OfQDD8WE
|
||||
ü.xŒßÑ$ýSÕX×UHãìw@UHN+€ñîD<0F>[jð L`úi…™“Wƒ,n³6)íMK#ÎáÏMŽ¬„eË•‹˜Å….íëtñÁ@Ž›j¤ž®ˆ0dʽ44Il’œ:QÝ¥*
$VG•ÎŒv,{¶è8N_’)s)ðc>íBúý&Ÿj-}6áÌÆ8Ƈ
cÞ„æ”wo/¦ÏJÎÃZðW³lvËðmà„𨴽Êï¨ãIf×f<<3C>8ò°à¸=÷yðŽBˆ®Þ°Á#¬¡ìRHkeù}‚nž|Š»õkkZφšŽfq½Õ²¿5Xþ¾å²ÜáF‰<46>çcfñ£«’ìÀxŽœD“F<…éžDvG_f!ê¶DªÕ%‰|ÿ-¢³´ù[Ï‚$ÊL|¯À׿<C397>âôí{ÓãÑlÌþ€Ü·J|ÜY:Ê—ç¼Xeûb`1è×U;`N—×µ<C397>‡vŽI²d¶ ¥IýÈqPvFÜB_”Õä:(Í7R
|
|
@ -14,6 +14,7 @@ in with hosts;
|
|||
"gitlab-secret-jws.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||
"gitlab-secret-otp.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||
"gitlab-secret-secret.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||
"hci-cache-config.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
|
||||
"hydra-bincache.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||
"hydra-builder-key.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||
"hydra-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||
|
|
Loading…
Reference in a new issue