36 lines
1.1 KiB
Nix
36 lines
1.1 KiB
Nix
{ config, inputs, pkgs, ... }:
|
|
|
|
{
|
|
age.secrets = {
|
|
hci-token = {
|
|
file = ../../secrets + "/hci-token-${config.networking.hostName}.age";
|
|
owner = "hercules-ci-agent";
|
|
group = "hercules-ci-agent";
|
|
};
|
|
hci-cache-credentials = {
|
|
file = ../../secrets + "/hci-cache-credentials-${config.networking.hostName}.age";
|
|
owner = "hercules-ci-agent";
|
|
group = "hercules-ci-agent";
|
|
};
|
|
hci-cache-config = {
|
|
file = ../../secrets/hci-cache-config.age;
|
|
owner = "hercules-ci-agent";
|
|
group = "hercules-ci-agent";
|
|
};
|
|
};
|
|
services.hercules-ci-agent = {
|
|
enable = true;
|
|
package = inputs.hercules-ci-agent.packages.${pkgs.system}.hercules-ci-agent;
|
|
settings = {
|
|
clusterJoinTokenPath = config.age.secrets.hci-token.path;
|
|
binaryCachesPath = config.age.secrets.hci-cache-config.path;
|
|
};
|
|
};
|
|
systemd.services.hercules-ci-agent = {
|
|
# hercules-ci-agent-restarter should take care of this
|
|
restartIfChanged = false;
|
|
environment = {
|
|
AWS_SHARED_CREDENTIALS_FILE = config.age.secrets.hci-cache-credentials.path;
|
|
};
|
|
};
|
|
}
|