nixos: Add Hercules CI and Nix cache

2022-07-16 21:01:18 +01:00
parent accb14721d
commit 0ca615a389
10 changed files with 163 additions and 28 deletions
--- a/nixos/boxes/colony/vms/shill/hercules.nix
+++ b/nixos/boxes/colony/vms/shill/hercules.nix
@@ -0,0 +1,60 @@
+{ lib, pkgs, config, ... }: {
+  config = {
+    system = {
+      activationScripts.herculesAWSCredsRoot.text = ''
+        mkdir -p /root/.aws
+        ln -sf "${config.age.secrets."hercules/aws-credentials.ini".path}" /root/.aws/credentials
+      '';
+    };
+
+    systemd = {
+      services = {
+        hercules-ci-agent-pre =
+        let
+          deps = [ "hercules-ci-agent.service" ];
+          awsCredsPath = "${config.services.hercules-ci-agent.settings.baseDirectory}/.aws/credentials";
+        in
+        {
+          before = deps;
+          requiredBy = deps;
+          serviceConfig = {
+            Type = "oneshot";
+            User = "hercules-ci-agent";
+          };
+          script = ''
+            mkdir -p "$(dirname "${awsCredsPath}")"
+            ln -sf "${config.age.secrets."hercules/aws-credentials.ini".path}" "${awsCredsPath}"
+          '';
+        };
+      };
+    };
+
+    services = {
+      hercules-ci-agent = {
+        enable = true;
+        settings = {
+          concurrentTasks = 20;
+          clusterJoinTokenPath = config.age.secrets."hercules/cluster-join-token.key".path;
+          binaryCachesPath = config.age.secrets."hercules/binary-caches.json".path;
+        };
+      };
+    };
+
+    my = {
+      secrets = {
+        files =
+        let
+          ownedByAgent = {
+            owner = "hercules-ci-agent";
+            group = "hercules-ci-agent";
+          };
+        in
+        {
+          "hercules/cluster-join-token.key" = ownedByAgent;
+          "hercules/binary-caches.json" = ownedByAgent;
+          "hercules/aws-credentials.ini" = ownedByAgent;
+        };
+      };
+    };
+  };
+}