feat(gs/mugwump): Add some buildkite agents r/1844

Add a couple of buildkite agents, based off of the config we're using
for whitby (thanks!) for building my own projects that are closed
source.

Change-Id: I2c73538595002fdf4116f534dc9a5806f17e0558
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2044
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI

1 files changed, 25 insertions, 5 deletions

diff --git a/users/glittershark/system/system/machines/mugwump.nix b/users/glittershark/system/system/machines/mugwump.nix
index 15b5c550f9..96bc1cca3f 100644
--- a/users/glittershark/system/system/machines/mugwump.nix
+++ b/users/glittershark/system/system/machines/mugwump.nix
@@ -117,6 +117,12 @@ with lib;
     };
   };
 
+  security.acme.certs."metrics.gws.fyi" = {
+    dnsProvider = "namecheap";
+    credentialsFile = "/etc/secrets/namecheap.env";
+    webroot = mkForce null;
+  };
+
   services.prometheus = {
     enable = true;
     exporters = {
@@ -178,9 +184,23 @@ with lib;
     timerConfig.OnCalendar = "minutely";
   };
 
-  security.acme.certs."metrics.gws.fyi" = {
-    dnsProvider = "namecheap";
-    credentialsFile = "/etc/secrets/namecheap.env";
-    webroot = mkForce null;
-  };
+  virtualisation.docker.enable = true;
+
+  services.buildkite-agents = listToAttrs (map (n: rec {
+    name = "mugwump-${toString n}";
+    value = {
+      inherit name;
+      enable = true;
+      tokenPath = "/etc/secrets/buildkite-agent-token";
+      privateSshKeyPath = "/etc/secrets/buildkite-ssh-key";
+      runtimePackages = with pkgs; [
+        docker
+        nix
+        gnutar
+      ];
+    };
+  }) (range 1 2));
+
+  users.users."buildkite-agent-mugwump-1".extraGroups = [ "docker" ];
+  users.users."buildkite-agent-mugwump-2".extraGroups = [ "docker" ];
 }