24 lines
614 B
Nix
24 lines
614 B
Nix
{ config, inputs, ... }:
|
|
|
|
let
|
|
secret = {
|
|
mode = "600";
|
|
owner = "_hercules-ci-agent";
|
|
group = "_hercules-ci-agent";
|
|
sopsFile = "${inputs.self}/modules/secrets/hercules-ci.yaml";
|
|
};
|
|
in
|
|
{
|
|
sops.secrets.hercules-binary-caches = secret;
|
|
|
|
sops.secrets.hercules-cluster-join-token = secret;
|
|
|
|
services.hercules-ci-agent = {
|
|
enable = true;
|
|
settings = {
|
|
binaryCachesPath = config.sops.secrets.hercules-binary-caches.path;
|
|
clusterJoinTokenPath = config.sops.secrets.hercules-cluster-join-token.path;
|
|
# secretsJsonPath / hercules-secrets isn't needed on darwin
|
|
};
|
|
};
|
|
}
|