depot/cluster/services/hercules-ci-multi-agent/default.nix

72 lines
1.7 KiB
Nix

{ config, lib, ... }:
{
services.hercules-ci-multi-agent = {
nodes = {
private-void = [ "VEGAS" "prophet" ];
nixpak = [ "VEGAS" "prophet" ];
max = [ "VEGAS" "prophet" ];
hyprspace = [ "VEGAS" "prophet" ];
};
nixos = {
private-void = [
./common.nix
{
services.hercules-ci-agents.private-void.settings = {
secretsJsonPath = config.services.hercules-ci-multi-agent.secrets.effectsSecrets.path;
};
}
];
nixpak = [
./common.nix
];
max = [
./common.nix
];
hyprspace = [
./common.nix
];
};
secrets = let
inherit (config.services.hercules-ci-multi-agent) nodes;
allNodes = lib.unique (lib.concatLists (lib.attrValues nodes));
in {
cacheConfig = {
nodes = allNodes;
mode = "0440";
group = "hercules-ci-agent";
};
cacheCredentials = {
nodes = allNodes;
shared = false;
mode = "0440";
group = "hercules-ci-agent";
};
effectsSecrets = {
nodes = nodes.private-void;
owner = "hci-private-void";
};
} // lib.mapAttrs' (org: nodes: {
name = "clusterJoinToken-${org}";
value = {
inherit nodes;
shared = false;
owner = "hci-${org}";
};
}) nodes;
};
garage = let
hciAgentKeys = lib.pipe config.services.hercules-ci-multi-agent.nodes [
(lib.collect lib.isList)
lib.flatten
lib.unique
(map (x: "hci-agent-${x}"))
];
in {
keys = lib.genAttrs hciAgentKeys (lib.const {});
buckets.nix-store = {
allow = lib.genAttrs hciAgentKeys (lib.const [ "read" "write" ]);
web.enable = true;
};
};
}