commit 3a98abe8bd8e7c3da5636c2de6e7536e22ded247 · pyrox.dev/nixpkgs

+66 -11

nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix

···

       1
        
       /*

     

       2
        
       

     

       3
       -
       This file is for options that NixOS and nix-darwin have in common.

     

       4
        
       

     

       5
       -
       Platform-specific code is in the respective default.nix files.

     

       6
        
       

     

       7
       -
        */

     

       8
        
       

     

       9
        
       { config, lib, options, pkgs, ... }:

     

       10
        
       let

     
···

       27
        
         settingsModule = { config, ... }: {

     

       28
        
           freeformType = format.type;

     

       29
        
           options = {

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       30
        
             baseDirectory = mkOption {

     

       31
        
               type = types.path;

     

       32
        
               default = "/var/lib/hercules-ci-agent";

     
···

       55
        
               type = types.either types.ints.positive (types.enum [ "auto" ]);

     

       56
        
               default = "auto";

     

       57
        
             };

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       58
        
             workDirectory = mkOption {

     

       59
        
               description = ''

     

       60
        
                 The directory in which temporary subdirectories are created for task state. This includes sources for Nix evaluation.

     
···

       66
        
             staticSecretsDirectory = mkOption {

     

       67
        
               description = ''

     

       68
        
                 This is the default directory to look for statically configured secrets like <literal>cluster-join-token.key</literal>.

     

       0
        
       
     

       0
        
       
     

       69
        
               '';

     

       70
        
               type = types.path;

     

       71
        
               default = config.baseDirectory + "/secrets";

     
···

       74
        
             clusterJoinTokenPath = mkOption {

     

       75
        
               description = ''

     

       76
        
                 Location of the cluster-join-token.key file.

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       77
        
               '';

     

       78
        
               type = types.path;

     

       79
        
               default = config.staticSecretsDirectory + "/cluster-join-token.key";

     

       80
        
               defaultText = literalExpression ''staticSecretsDirectory + "/cluster-join-token.key"'';

     

       81
       -
               # internal: It's a bit too detailed to show by default in the docs,

     

       82
       -
               # but useful to define explicitly to allow reuse by other modules.

     

       83
       -
               internal = true;

     

       84
        
             };

     

       85
        
             binaryCachesPath = mkOption {

     

       86
        
               description = ''

     

       87
       -
                 Location of the binary-caches.json file.

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       88
        
               '';

     

       89
        
               type = types.path;

     

       90
        
               default = config.staticSecretsDirectory + "/binary-caches.json";

     

       91
        
               defaultText = literalExpression ''staticSecretsDirectory + "/binary-caches.json"'';

     

       92
       -
               # internal: It's a bit too detailed to show by default in the docs,

     

       93
       -
               # but useful to define explicitly to allow reuse by other modules.

     

       94
       -
               internal = true;

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       95
        
             };

     

       96
        
           };

     

       97
        
         };

     
···

       177
        
       

     

       178
        
             These are written as options instead of let binding to allow sharing with

     

       179
        
             default.nix on both NixOS and nix-darwin.

     

       180
       -
            */

     

       181
        
           tomlFile = mkOption {

     

       182
        
             type = types.path;

     

       183
        
             internal = true;

···

       1
        
       /*

     

       2
        
       

     

       3
       +
         This file is for options that NixOS and nix-darwin have in common.

     

       4
        
       

     

       5
       +
         Platform-specific code is in the respective default.nix files.

     

       6
        
       

     

       7
       +
       */

     

       8
        
       

     

       9
        
       { config, lib, options, pkgs, ... }:

     

       10
        
       let

     
···

       27
        
         settingsModule = { config, ... }: {

     

       28
        
           freeformType = format.type;

     

       29
        
           options = {

     

       30
       +
             apiBaseUrl = mkOption {

     

       31
       +
               description = ''

     

       32
       +
                 API base URL that the agent will connect to.

     

       33
       +
       

     

       34
       +
                 When using Hercules CI Enterprise, set this to the URL where your

     

       35
       +
                 Hercules CI server is reachable.

     

       36
       +
               '';

     

       37
       +
               type = types.str;

     

       38
       +
               default = "https://hercules-ci.com";

     

       39
       +
             };

     

       40
        
             baseDirectory = mkOption {

     

       41
        
               type = types.path;

     

       42
        
               default = "/var/lib/hercules-ci-agent";

     
···

       65
        
               type = types.either types.ints.positive (types.enum [ "auto" ]);

     

       66
        
               default = "auto";

     

       67
        
             };

     

       68
       +
             labels = mkOption {

     

       69
       +
               description = ''

     

       70
       +
                 A key-value map of user data.

     

       71
       +
       

     

       72
       +
                 This data will be available to organization members in the dashboard and API.

     

       73
       +
       

     

       74
       +
                 The values can be of any TOML type that corresponds to a JSON type, but arrays

     

       75
       +
                 can not contain tables/objects due to limitations of the TOML library. Values

     

       76
       +
                 involving arrays of non-primitive types may not be representable currently.

     

       77
       +
               '';

     

       78
       +
               type = format.type;

     

       79
       +
               defaultText = literalExpression ''

     

       80
       +
                 {

     

       81
       +
                   agent.source = "..."; # One of "nixpkgs", "flake", "override"

     

       82
       +
                   lib.version = "...";

     

       83
       +
                   pkgs.version = "...";

     

       84
       +
                 }

     

       85
       +
               '';

     

       86
       +
             };

     

       87
        
             workDirectory = mkOption {

     

       88
        
               description = ''

     

       89
        
                 The directory in which temporary subdirectories are created for task state. This includes sources for Nix evaluation.

     
···

       95
        
             staticSecretsDirectory = mkOption {

     

       96
        
               description = ''

     

       97
        
                 This is the default directory to look for statically configured secrets like <literal>cluster-join-token.key</literal>.

     

       98
       +
       

     

       99
       +
                 See also <literal>clusterJoinTokenPath</literal> and <literal>binaryCachesPath</literal> for fine-grained configuration.

     

       100
        
               '';

     

       101
        
               type = types.path;

     

       102
        
               default = config.baseDirectory + "/secrets";

     
···

       105
        
             clusterJoinTokenPath = mkOption {

     

       106
        
               description = ''

     

       107
        
                 Location of the cluster-join-token.key file.

     

       108
       +
       

     

       109
       +
                 You can retrieve the contents of the file when creating a new agent via

     

       110
       +
                 <link xlink:href="https://hercules-ci.com/dashboard">https://hercules-ci.com/dashboard</link>.

     

       111
       +
       

     

       112
       +
                 As this value is confidential, it should not be in the store, but

     

       113
       +
                 installed using other means, such as agenix, NixOps

     

       114
       +
                 <literal>deployment.keys</literal>, or manual installation.

     

       115
       +
       

     

       116
       +
                 The contents of the file are used for authentication between the agent and the API.

     

       117
        
               '';

     

       118
        
               type = types.path;

     

       119
        
               default = config.staticSecretsDirectory + "/cluster-join-token.key";

     

       120
        
               defaultText = literalExpression ''staticSecretsDirectory + "/cluster-join-token.key"'';

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       121
        
             };

     

       122
        
             binaryCachesPath = mkOption {

     

       123
        
               description = ''

     

       124
       +
                 Path to a JSON file containing binary cache secret keys.

     

       125
       +
       

     

       126
       +
                 As these values are confidential, they should not be in the store, but

     

       127
       +
                 copied over using other means, such as agenix, NixOps

     

       128
       +
                 <literal>deployment.keys</literal>, or manual installation.

     

       129
       +
       

     

       130
       +
                 The format is described on <link xlink:href="https://docs.hercules-ci.com/hercules-ci-agent/binary-caches-json/">https://docs.hercules-ci.com/hercules-ci-agent/binary-caches-json/</link>.

     

       131
        
               '';

     

       132
        
               type = types.path;

     

       133
        
               default = config.staticSecretsDirectory + "/binary-caches.json";

     

       134
        
               defaultText = literalExpression ''staticSecretsDirectory + "/binary-caches.json"'';

     

       135
       +
             };

     

       136
       +
             secretsJsonPath = mkOption {

     

       137
       +
               description = ''

     

       138
       +
                 Path to a JSON file containing secrets for effects.

     

       139
       +
       

     

       140
       +
                 As these values are confidential, they should not be in the store, but

     

       141
       +
                 copied over using other means, such as agenix, NixOps

     

       142
       +
                 <literal>deployment.keys</literal>, or manual installation.

     

       143
       +
       

     

       144
       +
                 The format is described on <link xlink:href="https://docs.hercules-ci.com/hercules-ci-agent/secrets-json/">https://docs.hercules-ci.com/hercules-ci-agent/secrets-json/</link>.

     

       145
       +
       

     

       146
       +
               '';

     

       147
       +
               type = types.path;

     

       148
       +
               default = config.staticSecretsDirectory + "/secrets.json";

     

       149
       +
               defaultText = literalExpression ''staticSecretsDirectory + "/secrets.json"'';

     

       150
        
             };

     

       151
        
           };

     

       152
        
         };

     
···

       232
        
       

     

       233
        
             These are written as options instead of let binding to allow sharing with

     

       234
        
             default.nix on both NixOS and nix-darwin.

     

       235
       +
           */

     

       236
        
           tomlFile = mkOption {

     

       237
        
             type = types.path;

     

       238
        
             internal = true;

+3 -3

nixos/modules/services/continuous-integration/hercules-ci-agent/default.nix

···

       1
        
       /*

     

       2
        
       

     

       3
       -
       This file is for NixOS-specific options and configs.

     

       4
        
       

     

       5
       -
       Code that is shared with nix-darwin goes in common.nix.

     

       6
        
       

     

       7
       -
        */

     

       8
        
       

     

       9
        
       { pkgs, config, lib, ... }:

     

       10
        
       let

···

       1
        
       /*

     

       2
        
       

     

       3
       +
         This file is for NixOS-specific options and configs.

     

       4
        
       

     

       5
       +
         Code that is shared with nix-darwin goes in common.nix.

     

       6
        
       

     

       7
       +
       */

     

       8
        
       

     

       9
        
       { pkgs, config, lib, ... }:

     

       10
        
       let