diff options
author | Franck Cuny <franck@fcuny.net> | 2022-05-29 12:46:52 -0700 |
---|---|---|
committer | Franck Cuny <franck@fcuny.net> | 2022-05-30 13:37:39 -0700 |
commit | 440feaff4d68197578d25794b23e585eb8a70c8a (patch) | |
tree | d018bee4325c7d8128c7fa5aae73fc0e2d58eb36 /modules | |
parent | feat(buildkite): add the auth token (diff) | |
download | world-440feaff4d68197578d25794b23e585eb8a70c8a.tar.gz |
feat(buildkite): configure the buildkite agent
Change-Id: Icee60f2372e17f6477a91e7f562c04507788c713 Reviewed-on: https://cl.fcuny.net/c/world/+/168 Reviewed-by: Franck Cuny <franck@fcuny.net>
Diffstat (limited to '')
-rw-r--r-- | modules/services/buildkite/default.nix | 46 | ||||
-rw-r--r-- | modules/services/default.nix | 1 |
2 files changed, 47 insertions, 0 deletions
diff --git a/modules/services/buildkite/default.nix b/modules/services/buildkite/default.nix new file mode 100644 index 0000000..a1bd021 --- /dev/null +++ b/modules/services/buildkite/default.nix @@ -0,0 +1,46 @@ +{ config, pkgs, lib, ... }: +let + cfg = config.my.services.buildkite; + agents = lib.range 1 5; + secrets = config.age.secrets; +in { + options.my.services.buildkite = with lib; { + enable = mkEnableOption "buildkite agent"; + }; + + config = lib.mkIf cfg.enable { + # see https://buildkite.com/docs/agent/v3 + # and https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/continuous-integration/buildkite-agents.nix + services.buildkite-agents = lib.listToAttrs (map (n: rec { + name = "builder-${toString n}"; + value = { + inherit name; + enable = true; + tokenPath = secrets."buildkite/agent".path; + runtimePackages = with pkgs; [ + bash + coreutils + curl + git + gnutar + gzip + jq + nix + ]; + }; + }) agents); + + # Set up a group for all Buildkite agent users + users = { + groups.buildkite-agents = { }; + users = builtins.listToAttrs (map (n: rec { + name = "buildkite-agent-builder-${toString n}"; + value = { + isSystemUser = true; + group = lib.mkForce "buildkite-agents"; + extraGroups = [ name "docker" ]; + }; + }) agents); + }; + }; +} diff --git a/modules/services/default.nix b/modules/services/default.nix index 2c3ee63..73e2e6d 100644 --- a/modules/services/default.nix +++ b/modules/services/default.nix @@ -4,6 +4,7 @@ imports = [ ./avahi ./backup + ./buildkite ./cgit ./drone ./fwupd |