diff options
3 files changed, 75 insertions, 20 deletions
diff --git a/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix b/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix index d53d68bdcf97e..80c88714bfc17 100644 --- a/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix +++ b/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix @@ -1,10 +1,10 @@ /* -This file is for options that NixOS and nix-darwin have in common. + This file is for options that NixOS and nix-darwin have in common. -Platform-specific code is in the respective default.nix files. + Platform-specific code is in the respective default.nix files. - */ +*/ { config, lib, options, pkgs, ... }: let @@ -27,6 +27,16 @@ let settingsModule = { config, ... }: { freeformType = format.type; options = { + apiBaseUrl = mkOption { + description = '' + API base URL that the agent will connect to. + + When using Hercules CI Enterprise, set this to the URL where your + Hercules CI server is reachable. + ''; + type = types.str; + default = "https://hercules-ci.com"; + }; baseDirectory = mkOption { type = types.path; default = "/var/lib/hercules-ci-agent"; @@ -55,6 +65,25 @@ let type = types.either types.ints.positive (types.enum [ "auto" ]); default = "auto"; }; + labels = mkOption { + description = '' + A key-value map of user data. + + This data will be available to organization members in the dashboard and API. + + The values can be of any TOML type that corresponds to a JSON type, but arrays + can not contain tables/objects due to limitations of the TOML library. Values + involving arrays of non-primitive types may not be representable currently. + ''; + type = format.type; + defaultText = literalExpression '' + { + agent.source = "..."; # One of "nixpkgs", "flake", "override" + lib.version = "..."; + pkgs.version = "..."; + } + ''; + }; workDirectory = mkOption { description = '' The directory in which temporary subdirectories are created for task state. This includes sources for Nix evaluation. @@ -66,6 +95,8 @@ let staticSecretsDirectory = mkOption { description = '' This is the default directory to look for statically configured secrets like <literal>cluster-join-token.key</literal>. + + See also <literal>clusterJoinTokenPath</literal> and <literal>binaryCachesPath</literal> for fine-grained configuration. ''; type = types.path; default = config.baseDirectory + "/secrets"; @@ -74,24 +105,48 @@ let clusterJoinTokenPath = mkOption { description = '' Location of the cluster-join-token.key file. + + You can retrieve the contents of the file when creating a new agent via + <link xlink:href="https://hercules-ci.com/dashboard">https://hercules-ci.com/dashboard</link>. + + As this value is confidential, it should not be in the store, but + installed using other means, such as agenix, NixOps + <literal>deployment.keys</literal>, or manual installation. + + The contents of the file are used for authentication between the agent and the API. ''; type = types.path; default = config.staticSecretsDirectory + "/cluster-join-token.key"; defaultText = literalExpression ''staticSecretsDirectory + "/cluster-join-token.key"''; - # internal: It's a bit too detailed to show by default in the docs, - # but useful to define explicitly to allow reuse by other modules. - internal = true; }; binaryCachesPath = mkOption { description = '' - Location of the binary-caches.json file. + Path to a JSON file containing binary cache secret keys. + + As these values are confidential, they should not be in the store, but + copied over using other means, such as agenix, NixOps + <literal>deployment.keys</literal>, or manual installation. + + The format is described on <link xlink:href="https://docs.hercules-ci.com/hercules-ci-agent/binary-caches-json/">https://docs.hercules-ci.com/hercules-ci-agent/binary-caches-json/</link>. ''; type = types.path; default = config.staticSecretsDirectory + "/binary-caches.json"; defaultText = literalExpression ''staticSecretsDirectory + "/binary-caches.json"''; - # internal: It's a bit too detailed to show by default in the docs, - # but useful to define explicitly to allow reuse by other modules. - internal = true; + }; + secretsJsonPath = mkOption { + description = '' + Path to a JSON file containing secrets for effects. + + As these values are confidential, they should not be in the store, but + copied over using other means, such as agenix, NixOps + <literal>deployment.keys</literal>, or manual installation. + + The format is described on <link xlink:href="https://docs.hercules-ci.com/hercules-ci-agent/secrets-json/">https://docs.hercules-ci.com/hercules-ci-agent/secrets-json/</link>. + + ''; + type = types.path; + default = config.staticSecretsDirectory + "/secrets.json"; + defaultText = literalExpression ''staticSecretsDirectory + "/secrets.json"''; }; }; }; @@ -177,7 +232,7 @@ in These are written as options instead of let binding to allow sharing with default.nix on both NixOS and nix-darwin. - */ + */ tomlFile = mkOption { type = types.path; internal = true; diff --git a/nixos/modules/services/continuous-integration/hercules-ci-agent/default.nix b/nixos/modules/services/continuous-integration/hercules-ci-agent/default.nix index 06c174e7d376e..968bc8f1e54ed 100644 --- a/nixos/modules/services/continuous-integration/hercules-ci-agent/default.nix +++ b/nixos/modules/services/continuous-integration/hercules-ci-agent/default.nix @@ -1,10 +1,10 @@ /* -This file is for NixOS-specific options and configs. + This file is for NixOS-specific options and configs. -Code that is shared with nix-darwin goes in common.nix. + Code that is shared with nix-darwin goes in common.nix. - */ +*/ { pkgs, config, lib, ... }: let diff --git a/pkgs/development/haskell-modules/hackage-packages.nix b/pkgs/development/haskell-modules/hackage-packages.nix index d35033dff8fe9..b775203566d2b 100644 --- a/pkgs/development/haskell-modules/hackage-packages.nix +++ b/pkgs/development/haskell-modules/hackage-packages.nix @@ -128820,8 +128820,8 @@ self: { }: mkDerivation { pname = "hercules-ci-agent"; - version = "0.8.3"; - sha256 = "0gwbks6yrjjrys39043wdyx1v0fg8ailv3149b2xi4d49p4jin40"; + version = "0.8.4"; + sha256 = "1w93027i5kddn1rj5dgnmvgsadfv3s6ziyga4k3mp094wx2g6syy"; isLibrary = true; isExecutable = true; libraryHaskellDepends = [ @@ -128959,8 +128959,8 @@ self: { }: mkDerivation { pname = "hercules-ci-cli"; - version = "0.2.3"; - sha256 = "10scykaf8kadvgvc5pxjdyn8zvxqmp5gkdy0n82p4mmf2chmdzqz"; + version = "0.2.4"; + sha256 = "0imx1srpi518616jif62l542qpw2wcfiq5a622rg5w76k2vz0hpl"; isLibrary = true; isExecutable = true; libraryHaskellDepends = [ @@ -129016,8 +129016,8 @@ self: { }: mkDerivation { pname = "hercules-ci-cnix-store"; - version = "0.2.1.0"; - sha256 = "18165kwcklp6hg9sh5rmqprnc0ixiq8l9w4y87c9m54dbpwdp4na"; + version = "0.2.1.1"; + sha256 = "0cxir973y3hkm34ci7hc5zsp94s31nnrlkgspwwdd2rakyf4525i"; libraryHaskellDepends = [ base bytestring conduit containers inline-c inline-c-cpp protolude template-haskell unix unliftio-core vector |