-rw-r--r-- | modules/services/buildkite/default.nix | 46 | ||||
-rw-r--r-- | modules/services/default.nix | 1 |
2 files changed, 47 insertions, 0 deletions
diff --git a/modules/services/buildkite/default.nix b/modules/services/buildkite/default.nix
new file mode 100644
index 0000000..a1bd021
--- /dev/null
+++ b/modules/services/buildkite/default.nix
@@ -0,0 +1,46 @@
+{ config, pkgs, lib, ... }:
+let
+ cfg = config.my.services.buildkite;
+ agents = lib.range 1 5;
+ secrets = config.age.secrets;
+in {
+ options.my.services.buildkite = with lib; {
+ enable = mkEnableOption "buildkite agent";
+ };
+
+ config = lib.mkIf cfg.enable {
+ # see https://buildkite.com/docs/agent/v3
+ # and https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/continuous-integration/buildkite-agents.nix
+ services.buildkite-agents = lib.listToAttrs (map (n: rec {
+ name = "builder-${toString n}";
+ value = {
+ inherit name;
+ enable = true;
+ tokenPath = secrets."buildkite/agent".path;
+ runtimePackages = with pkgs; [
+ bash
+ coreutils
+ curl
+ git
+ gnutar
+ gzip
+ jq
+ nix
+ ];
+ };
+ }) agents);
+
+ # Set up a group for all Buildkite agent users
+ users = {
+ groups.buildkite-agents = { };
+ users = builtins.listToAttrs (map (n: rec {
+ name = "buildkite-agent-builder-${toString n}";
+ value = {
+ isSystemUser = true;
+ group = lib.mkForce "buildkite-agents";
+ extraGroups = [ name "docker" ];
+ };
+ }) agents);
+ };
+ };
+}
diff --git a/modules/services/default.nix b/modules/services/default.nix
index 2c3ee63..73e2e6d 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -4,6 +4,7 @@
 imports = [
 ./avahi
 ./backup
+ ./buildkite
 ./cgit
 ./drone
 ./fwupd |
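Review bot: In modules/services/buildkite/default.nix, `extraGroups = [ name "docker" ]` puts every agent user in the `docker` group, which lets any pipeline step these agents run control the Docker daemon and so gives it root-equivalent access to the host. If that trade-off is intended, it should be stated next to the line, e.g. `# docker group is root-equivalent on this host: only trusted pipelines/branches may run on these agents`. If not every builder needs Docker, gating the group behind a module option keeps the default least-privileged, e.g. `extraGroups = [ name ] ++ lib.optional cfg.docker "docker";`, where `cfg.docker` would be a new option that this module does not yet define. The shared `buildkite-agents` group is presumably what grants read access to the `buildkite/agent` age secret used for `tokenPath`; the secret's owner, group and mode are declared outside this diff, so confirm it is readable by that group only.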