Diffstat (limited to 'modules/nixos/mixins/hercules.nix')
-rw-r--r--modules/nixos/mixins/hercules.nix55
1 files changed, 55 insertions, 0 deletions
diff --git a/modules/nixos/mixins/hercules.nix b/modules/nixos/mixins/hercules.nix
new file mode 100644
index 0000000..de209a3
--- /dev/null
+++ b/modules/nixos/mixins/hercules.nix
@@ -0,0 +1,55 @@
+{
+ config,
+ lib,
+ unstable,
+ secretsDir,
+ ...
+}:
+let
+ cfg = config.mixins.hercules-ci;
+in
+{
+ options.mixins.hercules-ci = {
+ enable = lib.mkEnableOption "Hercules CI mixin";
+ manageSecrets = lib.mkEnableOption "automatic management of secrets" // {
+ default = config.traits.secrets.enable;
+ defaultText = lib.literalExpression "config.traits.secrets.enable";
+ };
+ };
+
+ config = lib.mkIf cfg.enable (
+ lib.mkMerge [
+ {
+ services.hercules-ci-agent = {
+ enable = true;
+ # we want newer features
+ package = unstable.hercules-ci-agent;
+ };
+ }
+
+ (
+ let
+ secretNames = [
+ "binaryCaches"
+ "clusterJoinToken"
+ "secretsJson"
+ ];
+ in
+ lib.mkIf cfg.manageSecrets {
+ age.secrets = lib.genAttrs secretNames (file: {
+ file = "${secretsDir}/${file}.age";
+ mode = "400";
+ owner = "hercules-ci-agent";
+ group = "hercules-ci-agent";
+ });
+
+ services.hercules-ci-agent = {
+ settings = lib.mapAttrs' (name: lib.nameValuePair (name + "Path")) (
+ lib.genAttrs secretNames (name: config.age.secrets.${name}.path)
+ );
+ };
+ }
+ )
+ ]
+ );
+}
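Review bot: `package = unstable.hercules-ci-agent;` takes the agent from the unstable package set, and judging by the secret names below this is the process that reads the cluster join token and the binary-cache credentials. The comment `# we want newer features` names neither the feature nor the condition for returning to the stable package. I would write it as `package = lib.mkDefault unstable.hercules-ci-agent;` so a host can pin the stable build, and replace the comment with `# unstable needed for <FEATURE>; drop once it reaches stable`. Separately, the `settings` expression derives its keys by appending `"Path"` to each entry of `secretNames`, which is easy to miss when adding a secret. A one-line comment above it would help, such as `# yields binaryCachesPath, clusterJoinTokenPath, secretsJsonPath`.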