{ config, pkgs, ... }:
let
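# Wrapper named `security` that forwards every argument to the macOS
# /usr/bin/security binary. The target is an absolute path, so the wrapper
# resolves to the system tool regardless of the caller's PATH.
#
# writeShellScriptBin is used instead of writeScriptBin because writeScriptBin
# writes the text verbatim, with no interpreter line, which leaves execution
# dependent on the spawning process falling back to /bin/sh for a file that
# has no shebang. writeShellScriptBin prepends one.
securityWrapper = pkgs.writeShellScriptBin "security" ''
  exec /usr/bin/security "$@"
'';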
in
{
# agenix secret handed to the agent as binaryCachesPath
# (presumably binary-cache credentials; confirm against the secret itself).
# Only the age-encrypted file is referenced from the repository. The decrypted
# copy is owned by the agent's service account and gets mode 600, so it is
# read/write for the owner with no group or other access.
# NOTE(review): if the agent only ever reads this file, "400" would be
# enough. Confirm before tightening.
age.secrets.binary-caches = {
  file = ../../../secrets/binary-caches.age;
  owner = "_hercules-ci-agent";
  group = "_hercules-ci-agent";
  mode = "600";
};
# agenix secret handed to the agent as clusterJoinTokenPath.
# It uses the same ownership and permissions as the binary-caches secret:
# the decrypted file belongs to the agent's service account and mode 600
# denies group and other access.
# NOTE(review): a join token is a bearer-style credential, so treat any copy
# of the decrypted file (backups, logs, debug output) as sensitive.
age.secrets.cluster-join-token = {
  file = ../../../secrets/cluster-join-token.age;
  owner = "_hercules-ci-agent";
  group = "_hercules-ci-agent";
  mode = "600";
};
# Enable the Hercules CI agent and point it at the two agenix secrets.
# The settings carry only the runtime *paths* of the decrypted files
# (`.path`), never their contents. Reading the plaintext into the
# configuration would place it in the world-readable Nix store.
services.hercules-ci-agent = {
  enable = true;
  settings = {
    clusterJoinTokenPath = config.age.secrets.cluster-join-token.path;
    binaryCachesPath = config.age.secrets.binary-caches.path;
  };
};
# Error this override addresses:
#   hercules-ci-agent: security: createProcess: posix_spawnp: does not exist
# Upstream reference (presumably where the nix-darwin module sets the
# daemon's default path):
#   https://github.com/LnL7/nix-darwin/blob/36524adc31566655f2f4d55ad6b875fb5c1a4083/modules/services/hercules-ci-agent/default.nix#L28
#
# mkForce replaces the module's value rather than extending it, so the list
# below is the daemon's entire path setting: the Nix package plus the
# `security` wrapper. The wrapper exposes that one system binary by absolute
# path. No system directory is added to the daemon's search path.
launchd.daemons.hercules-ci-agent.path = pkgs.lib.mkForce [
  config.nix.package
  securityWrapper
];
}