{ config, depot, lib, pkgs, ... }: let mapAgents = lib.flip lib.mapAttrs config.services.hercules-ci-agents; mergeMap = f: let outputs = mapAgents f; in lib.pipe outputs [ (lib.mapAttrs (basename: basevalue: lib.mapAttrs' (n: v: lib.nameValuePair "${n}-${basename}" v ) basevalue )) lib.attrValues (lib.foldl' (a: b: a // b) {}) ]; in { imports = [ ./modules/multi-agent-refactored ]; age.secrets = mergeMap (name: _: { hci-token = { file = ./secrets + "/hci-token-${name}-${config.networking.hostName}.age"; owner = "hci-${name}"; group = "hci-${name}"; }; hci-cache-credentials = { file = ./secrets + "/hci-cache-credentials-${config.networking.hostName}.age"; owner = "hci-${name}"; group = "hci-${name}"; }; hci-cache-config = { file = ./secrets/hci-cache-config.age; owner = "hci-${name}"; group = "hci-${name}"; }; }); systemd.services = mergeMap (name: _: { hercules-ci-agent = { # hercules-ci-agent-restarter should take care of this restartIfChanged = false; environment = { AWS_SHARED_CREDENTIALS_FILE = config.age.secrets."hci-cache-credentials-${name}".path; AWS_EC2_METADATA_DISABLED = "true"; }; serviceConfig.Slice = "builder.slice"; }; }); }