nixfiles/nixos/boxes/colony/vms/shill/hercules.nix

{ lib, pkgs, config, ... }: {
  config = {
    system = {
      activationScripts.herculesAWSCredsRoot.text = ''
        mkdir -p /root/.aws
        ln -sf "${config.age.secrets."hercules/aws-credentials.ini".path}" /root/.aws/credentials
      '';
    };

    systemd = {
      services = {
        # TODO: get working again
        hercules-ci-agent.enable = false;
        hercules-ci-agent-pre =
        let
          deps = [ "hercules-ci-agent.service" ];
          awsCredsPath = "${config.services.hercules-ci-agent.settings.baseDirectory}/.aws/credentials";
        in
        {
          before = deps;
          requiredBy = deps;
          serviceConfig = {
            Type = "oneshot";
            User = "hercules-ci-agent";
          };
          script = ''
            mkdir -p "$(dirname "${awsCredsPath}")"
            ln -sf "${config.age.secrets."hercules/aws-credentials.ini".path}" "${awsCredsPath}"
          '';
        };

        nix-cache-gc =
        let
          configFile = pkgs.writeText "nix-cache-gc.ini" ''
            [gc]
            threshold = 256000
            stop = 204800

            [s3]
            endpoint = s3.nul.ie
            bucket = nix-cache
            access_key = nix-gc
          '';
        in
        {
          description = "Nix cache garbage collection";
          path = [ (pkgs.python310.withPackages (ps: with ps; [ minio ])) ];
          serviceConfig = {
            Type = "oneshot";
            ExecStart = [ ''${./nix_cache_gc.py} -c ${configFile} -c ${config.age.secrets."nix-cache-gc.ini".path}'' ];
          };
        };
      };
      timers = {
        nix-cache-gc = {
          description = "Nix cache garbage collection timer";
          wantedBy = [ "timers.target" ];
          timerConfig.OnCalendar = "hourly";
        };
      };
    };

    services = {
      hercules-ci-agent = {
        enable = true;
        settings = {
          concurrentTasks = 20;
          clusterJoinTokenPath = config.age.secrets."hercules/cluster-join-token.key".path;
          binaryCachesPath = config.age.secrets."hercules/binary-caches.json".path;
        };
      };
    };

    my = {
      secrets = {
        files =
        let
          ownedByAgent = {
            owner = "hercules-ci-agent";
            group = "hercules-ci-agent";
          };
        in
        {
          "hercules/cluster-join-token.key" = ownedByAgent;
          "hercules/binary-caches.json" = ownedByAgent;
          "hercules/aws-credentials.ini" = ownedByAgent;
          "nix-cache-gc.ini" = {};
        };
      };
    };
  };
}
nixos: Add Hercules CI and Nix cache 2022-07-16 21:01:18 +01:00			`{ lib, pkgs, config, ... }: {`
			`config = {`
			`system = {`
			`activationScripts.herculesAWSCredsRoot.text = ''`
			`mkdir -p /root/.aws`
			`ln -sf "${config.age.secrets."hercules/aws-credentials.ini".path}" /root/.aws/credentials`
			`'';`
			`};`

			`systemd = {`
			`services = {`
nixos/colony: Use temporary LVs until SSD is replaced 2023-01-11 20:06:09 +00:00			`# TODO: get working again`
			`hercules-ci-agent.enable = false;`
nixos: Add Hercules CI and Nix cache 2022-07-16 21:01:18 +01:00			`hercules-ci-agent-pre =`
			`let`
			`deps = [ "hercules-ci-agent.service" ];`
			`awsCredsPath = "${config.services.hercules-ci-agent.settings.baseDirectory}/.aws/credentials";`
			`in`
			`{`
			`before = deps;`
			`requiredBy = deps;`
			`serviceConfig = {`
			`Type = "oneshot";`
			`User = "hercules-ci-agent";`
			`};`
			`script = ''`
			`mkdir -p "$(dirname "${awsCredsPath}")"`
			`ln -sf "${config.age.secrets."hercules/aws-credentials.ini".path}" "${awsCredsPath}"`
			`'';`
			`};`
nixos/shill: Implement basic GC for Nix cache 2022-07-17 02:58:59 +01:00
			`nix-cache-gc =`
			`let`
			`configFile = pkgs.writeText "nix-cache-gc.ini" ''`
			`[gc]`
			`threshold = 256000`
			`stop = 204800`

			`[s3]`
			`endpoint = s3.nul.ie`
			`bucket = nix-cache`
			`access_key = nix-gc`
			`'';`
			`in`
			`{`
			`description = "Nix cache garbage collection";`
			`path = [ (pkgs.python310.withPackages (ps: with ps; [ minio ])) ];`
			`serviceConfig = {`
			`Type = "oneshot";`
			`ExecStart = [ ''${./nix_cache_gc.py} -c ${configFile} -c ${config.age.secrets."nix-cache-gc.ini".path}'' ];`
			`};`
			`};`
			`};`
			`timers = {`
			`nix-cache-gc = {`
			`description = "Nix cache garbage collection timer";`
			`wantedBy = [ "timers.target" ];`
			`timerConfig.OnCalendar = "hourly";`
			`};`
nixos: Add Hercules CI and Nix cache 2022-07-16 21:01:18 +01:00			`};`
			`};`

			`services = {`
			`hercules-ci-agent = {`
			`enable = true;`
			`settings = {`
			`concurrentTasks = 20;`
			`clusterJoinTokenPath = config.age.secrets."hercules/cluster-join-token.key".path;`
			`binaryCachesPath = config.age.secrets."hercules/binary-caches.json".path;`
			`};`
			`};`
			`};`

			`my = {`
			`secrets = {`
			`files =`
			`let`
			`ownedByAgent = {`
			`owner = "hercules-ci-agent";`
			`group = "hercules-ci-agent";`
			`};`
			`in`
			`{`
			`"hercules/cluster-join-token.key" = ownedByAgent;`
			`"hercules/binary-caches.json" = ownedByAgent;`
			`"hercules/aws-credentials.ini" = ownedByAgent;`
nixos/shill: Implement basic GC for Nix cache 2022-07-17 02:58:59 +01:00			`"nix-cache-gc.ini" = {};`
nixos: Add Hercules CI and Nix cache 2022-07-16 21:01:18 +01:00			`};`
			`};`
			`};`
			`};`
			`}`