modules/hercules-ci-agent: init

Max Headroom 2022-03-31 19:42:20 +02:00
parent 95c49cdfe9
commit d534b03b48
4 changed files with 48 additions and 0 deletions


@ -6,6 +6,7 @@ let
deploy-rs-receiver = import ./deploy-rs-receiver;
enterprise = import ./enterprise;
fail2ban = import ./fail2ban;
hercules-ci-agent = import ./hercules-ci-agent;
hydra = import ./hydra;
hyprspace = import ./hyprspace;
ipfs = import ./ipfs;


@ -0,0 +1,32 @@
{ config, inputs, pkgs, ... }:
{
age.secrets = {
hci-token = {
file = ../../secrets + "/hci-token-${config.networking.hostName}.age";
owner = "hercules-ci-agent";
group = "hercules-ci-agent";
};
hci-cache-credentials = {
file = ../../secrets + "/hci-cache-credentials-${config.networking.hostName}.age";
owner = "hercules-ci-agent";
group = "hercules-ci-agent";
};
hci-cache-config = {
file = ../../secrets/hci-cache-config.age;
owner = "hercules-ci-agent";
group = "hercules-ci-agent";
};
};
services.hercules-ci-agent = {
enable = true;
package = inputs.hercules-ci-agent.packages.${pkgs.system}.hercules-ci-agent;
settings = {
clusterJoinTokenPath = config.age.secrets.hci-token.path;
binaryCachesPath = config.age.secrets.hci-cache-config.path;
};
};
systemd.services.hercules-ci-agent.environment = {
AWS_SHARED_CREDENTIALS_FILE = config.age.secrets.hci-cache-credentials.path;
};
}
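Review bot: The module reads `hci-token-${config.networking.hostName}.age` and `hci-cache-credentials-${config.networking.hostName}.age`, but the four files in this commit add only one `.age` file, and the recipient-list section gains only the `hci-cache-config.age` entry. As far as this page shows, the per-host secrets and their recipient lists are therefore not part of the change. If they are not already in the tree, evaluation is likely to fail on any host that imports the module. I would add them in the same commit with a single recipient host each, e.g. `"hci-token-<hostname>.age".publicKeys = max ++ map systemKeys [ <host> ];` (placeholders), so that a cluster join token can be decrypted only by the machine it belongs to. A comment above `age.secrets` such as `# hci-cache-config is shared by all agents; token and cache credentials are per-host` would make that split explicit.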


@ -0,0 +1,14 @@
age-encryption.org/v1
-> ssh-ed25519 NO562A WYzF2ZFfOMtanfe2hrHbxdrD79OXzG3aftvL7hXXtgQ
IdI90ltsRS7dnKWwd2NFGarxWoq2ZyAHAXD/PE+hos0
-> ssh-ed25519 5/zT0w /oRzWWJ4Ek2PKrUh0X+g19xtKvT/46VzDWVCK3l6V3E
y8/oLo1/7tns6aTyHCcac+m2uO5wG608OJJnT2osfN0
-> ssh-ed25519 d3WGuA 11ZtvytvpquN31t8NZqFg+cd/lGeyt+G21wTXfbJpic
cdDo/FJXqM0xCj7w68/lCWDX8X6/9M2ZHTF2hIH9wsU
-> ssh-ed25519 6YMlxg 0+kDc0xKGGOgEl5gTRpsI9U/jrnTtPSHO7WbeQtwL2U
h10PtmTIQOyc9g4t14qpIUKYh1LEwYUltlZ/nCiL5Bc
-> .KZ[r"d-grease JI`!M Qx1ik
lZL73EclhxOHMnbkVQyokAaQX/qjbdaBtihyJXK2b3czG/pLXR+G1KEFPDt6OZT0
7w3AEdYErKh03XSJor8uoJcVVgI2
--- eSTM+R072k2rB4zBXpV6y5dcB6QPugVrA09OfQDD8WE
ü.xŒßÑ$ýSÕX×UHãìw@UHN+€ñîD<0F>[jð L`úi…™“Wƒ,n³6)íMK#ÎáÏMŽ¬„eË•˜Å….íëtñÁ@Žj¤ž®ˆ0dʽ44Ilœ:QÝ¥* $VG•ÎŒv,{¶è8N_)s)ðc>íBúý&Ÿj-}6áÌÆ­8Ƈ­æ”wo/¦ÏJÎÃZðW³lvËðmà„𨴽Êï¨ã If×f<<3C>8ò°à­¸=÷yðŽBˆ®Þ°Á#¬¡ìRHkeù}|Š»õkkZφšŽfq½Õ²¿5Xþ¾å²ÜáF‰<46>ç cfñ£«ìÀxŽœD“F<…éžDvG_f!ê¶DªÕ%‰|ÿ-¢³´ù[Ï‚$ÊL|¯À׿<C397>âôí{ÓãÑlÌþ€Ü·J|ÜY:Ê—ç¼Xeûb`1è×U;`N—×µ<C397>‡vŽI²d¶ ¥IýÈqPvFÜB_”Õä:(Í7R


@ -14,6 +14,7 @@ in with hosts;
"gitlab-secret-jws.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"gitlab-secret-otp.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"gitlab-secret-secret.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"hci-cache-config.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
"hydra-bincache.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"hydra-builder-key.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"hydra-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];