nixfiles/nixos/boxes/colony/vms/shill/hercules.nix

{ lib, pkgs, config, ... }: {
  config = {
    system = {
      activationScripts.herculesAWSCredsRoot.text = ''
        mkdir -p /root/.aws
        ln -sf "${config.age.secrets."hercules/aws-credentials.ini".path}" /root/.aws/credentials
      '';
    };

    systemd = {
      services = {
        hercules-ci-agent-pre =
        let
          deps = [ "hercules-ci-agent.service" ];
          awsCredsPath = "${config.services.hercules-ci-agent.settings.baseDirectory}/.aws/credentials";
        in
        {
          before = deps;
          requiredBy = deps;
          serviceConfig = {
            Type = "oneshot";
            User = "hercules-ci-agent";
          };
          script = ''
            mkdir -p "$(dirname "${awsCredsPath}")"
            ln -sf "${config.age.secrets."hercules/aws-credentials.ini".path}" "${awsCredsPath}"
          '';
        };
      };
    };

    services = {
      hercules-ci-agent = {
        enable = true;
        settings = {
          concurrentTasks = 20;
          clusterJoinTokenPath = config.age.secrets."hercules/cluster-join-token.key".path;
          binaryCachesPath = config.age.secrets."hercules/binary-caches.json".path;
        };
      };
    };

    my = {
      secrets = {
        files =
        let
          ownedByAgent = {
            owner = "hercules-ci-agent";
            group = "hercules-ci-agent";
          };
        in
        {
          "hercules/cluster-join-token.key" = ownedByAgent;
          "hercules/binary-caches.json" = ownedByAgent;
          "hercules/aws-credentials.ini" = ownedByAgent;
        };
      };
    };
  };
}
nixos: Add Hercules CI and Nix cache 2022-07-16 21:01:18 +01:00			`{ lib, pkgs, config, ... }: {`
			`config = {`
			`system = {`
			`activationScripts.herculesAWSCredsRoot.text = ''`
			`mkdir -p /root/.aws`
			`ln -sf "${config.age.secrets."hercules/aws-credentials.ini".path}" /root/.aws/credentials`
			`'';`
			`};`

			`systemd = {`
			`services = {`
			`hercules-ci-agent-pre =`
			`let`
			`deps = [ "hercules-ci-agent.service" ];`
			`awsCredsPath = "${config.services.hercules-ci-agent.settings.baseDirectory}/.aws/credentials";`
			`in`
			`{`
			`before = deps;`
			`requiredBy = deps;`
			`serviceConfig = {`
			`Type = "oneshot";`
			`User = "hercules-ci-agent";`
			`};`
			`script = ''`
			`mkdir -p "$(dirname "${awsCredsPath}")"`
			`ln -sf "${config.age.secrets."hercules/aws-credentials.ini".path}" "${awsCredsPath}"`
			`'';`
			`};`
			`};`
			`};`

			`services = {`
			`hercules-ci-agent = {`
			`enable = true;`
			`settings = {`
			`concurrentTasks = 20;`
			`clusterJoinTokenPath = config.age.secrets."hercules/cluster-join-token.key".path;`
			`binaryCachesPath = config.age.secrets."hercules/binary-caches.json".path;`
			`};`
			`};`
			`};`

			`my = {`
			`secrets = {`
			`files =`
			`let`
			`ownedByAgent = {`
			`owner = "hercules-ci-agent";`
			`group = "hercules-ci-agent";`
			`};`
			`in`
			`{`
			`"hercules/cluster-join-token.key" = ownedByAgent;`
			`"hercules/binary-caches.json" = ownedByAgent;`
			`"hercules/aws-credentials.ini" = ownedByAgent;`
			`};`
			`};`
			`};`
			`};`
			`}`