From 8cb7118f7d2c905cb47bea98c8da5bd7a3f2edd6 Mon Sep 17 00:00:00 2001 From: Griffin Smith Date: Mon, 12 Oct 2020 23:27:07 -0400 Subject: feat(gs/mugwump): Add some buildkite agents Add a couple of buildkite agents, based off of the config we're using for whitby (thanks!) for building my own projects that are closed source. Change-Id: I2c73538595002fdf4116f534dc9a5806f17e0558 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2044 Reviewed-by: glittershark Tested-by: BuildkiteCI --- .../system/system/machines/mugwump.nix | 30 ++++++++++++++++++---- 1 file changed, 25 insertions(+), 5 deletions(-) (limited to 'users/glittershark/system/system') diff --git a/users/glittershark/system/system/machines/mugwump.nix b/users/glittershark/system/system/machines/mugwump.nix index 15b5c550f9..96bc1cca3f 100644 --- a/users/glittershark/system/system/machines/mugwump.nix +++ b/users/glittershark/system/system/machines/mugwump.nix @@ -117,6 +117,12 @@ with lib; }; }; + security.acme.certs."metrics.gws.fyi" = { + dnsProvider = "namecheap"; + credentialsFile = "/etc/secrets/namecheap.env"; + webroot = mkForce null; + }; + services.prometheus = { enable = true; exporters = { @@ -178,9 +184,23 @@ with lib; timerConfig.OnCalendar = "minutely"; }; - security.acme.certs."metrics.gws.fyi" = { - dnsProvider = "namecheap"; - credentialsFile = "/etc/secrets/namecheap.env"; - webroot = mkForce null; - }; + virtualisation.docker.enable = true; + + services.buildkite-agents = listToAttrs (map (n: rec { + name = "mugwump-${toString n}"; + value = { + inherit name; + enable = true; + tokenPath = "/etc/secrets/buildkite-agent-token"; + privateSshKeyPath = "/etc/secrets/buildkite-ssh-key"; + runtimePackages = with pkgs; [ + docker + nix + gnutar + ]; + }; + }) (range 1 2)); + + users.users."buildkite-agent-mugwump-1".extraGroups = [ "docker" ]; + users.users."buildkite-agent-mugwump-2".extraGroups = [ "docker" ]; } -- cgit 1.4.1