mirror of
https://github.com/LnL7/nix-darwin.git
synced 2025-03-06 16:57:08 +00:00
This process was automated by [my fork of `nix-doc-munge`]; thanks to @pennae for writing this tool! It automatically checks that the resulting documentation doesn't change, although my fork loosens this a little to ignore some irrelevant whitespace and typographical differences. As of this commit there is no DocBook remaining in the options documentation. You can play along at home if you want to reproduce this commit: $ NIX_PATH=nixpkgs=flake:nixpkgs/c1bca7fe84c646cfd4ebf3482c0e6317a0b13f22 \ nix shell nixpkgs#coreutils \ -c find . -name '*.nix' \ -exec nix run github:emilazy/nix-doc-munge/0a7190f600027bf7baf6cb7139e4d69ac2f51062 \ {} + [my fork of `nix-doc-munge`]: https://github.com/emilazy/nix-doc-munge
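# nix-darwin module that runs hercules-ci-agent as a launchd daemon under the
# dedicated `_hercules-ci-agent` user and group.
#
# Only `logFile` is declared here. The other options read below (`enable`,
# `package`, `tomlFile`, `settings`) are not declared in this file; presumably
# they come from ./common.nix -- confirm there.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.hercules-ci-agent;
  user = config.users.users._hercules-ci-agent;
in
{
  imports = [ ./common.nix ];

  meta.maintainers = [
    # Falls back to the plain string when `lib.maintainers` has no such entry.
    lib.maintainers.roberth or "roberth"
  ];

  options.services.hercules-ci-agent = {

    logFile = mkOption {
      type = types.path;
      default = "/var/log/hercules-ci-agent.log";
      # Typo fixed: the description previously read "sterr".
      description = lib.mdDoc "Stdout and stderr of hercules-ci-agent process.";
    };
  };

  config = mkIf cfg.enable {
    launchd.daemons.hercules-ci-agent = {
      # `exec` replaces the wrapper shell, so launchd supervises the agent
      # process itself.
      script = "exec ${cfg.package}/bin/hercules-ci-agent --config ${cfg.tomlFile}";

      path = [ config.nix.package ];
      environment = {
        # Pins the CA bundle to the one from the pkgs.cacert store path.
        NIX_SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
      };

      serviceConfig.KeepAlive = true;
      serviceConfig.RunAtLoad = true;
      # stdout and stderr share one file; it is created and chowned by the
      # activation script below.
      serviceConfig.StandardErrorPath = cfg.logFile;
      serviceConfig.StandardOutPath = cfg.logFile;
      # Run as the dedicated service account, not as root.
      serviceConfig.GroupName = "_hercules-ci-agent";
      serviceConfig.UserName = "_hercules-ci-agent";
      serviceConfig.WorkingDirectory = user.home;
      # launchd starts the job when a watched path is modified, so a change
      # in the secrets directory triggers the agent.
      # NOTE(review): ownership and mode of this directory are not set in
      # this file -- confirm that only the agent account can read it.
      serviceConfig.WatchPaths = [
        cfg.settings.staticSecretsDirectory
      ];
    };

    # Creates the log file and hands it to the service account so the daemon
    # can write to it. chown to another user needs root, so this presumably
    # runs privileged.
    # NOTE(review): `touch` and `chown` follow symlinks, so `logFile` should
    # stay in a directory only root can write to (the default /var/log is
    # expected to be). The file mode is left to the activation umask; confirm
    # the log is not world-readable if agent output can contain sensitive data.
    system.activationScripts.preActivation.text = ''
      touch '${cfg.logFile}'
      chown ${toString user.uid}:${toString user.gid} '${cfg.logFile}'
    '';

    # Trusted user allows simplified configuration and better performance
    # when operating in a cluster.
    #
    # Security note: the Nix manual describes adding a user to `trusted-users`
    # as essentially equivalent to giving that user root access. A compromise
    # of the agent process or of this account should be treated as a
    # compromise of the host.
    nix.settings.trusted-users = [ "_hercules-ci-agent" ];
    services.hercules-ci-agent.settings.nixUserIsTrusted = true;

    # Both the underscore-prefixed name and the unprefixed one are listed.
    # Presumably the unprefixed name is kept so nix-darwin still manages an
    # account created under the older name -- confirm.
    users.knownGroups = [ "hercules-ci-agent" "_hercules-ci-agent" ];
    users.knownUsers = [ "hercules-ci-agent" "_hercules-ci-agent" ];

    # `mkDefault` lets a host configuration override the ids and home.
    users.users._hercules-ci-agent = {
      uid = mkDefault 399;
      gid = mkDefault config.users.groups._hercules-ci-agent.gid;
      home = mkDefault cfg.settings.baseDirectory;
      name = "_hercules-ci-agent";
      createHome = true;
      # NOTE(review): the service account gets an interactive shell; confirm
      # that the agent needs one.
      shell = "/bin/bash";
      description = "System user for the Hercules CI Agent";
    };
    users.groups._hercules-ci-agent = {
      gid = mkDefault 32001;
      name = "_hercules-ci-agent";
      description = "System group for the Hercules CI Agent";
    };

    # Labels passed to the agent settings: the nix-darwin label, revision and
    # version, plus whether the Nix daemon and the build sandbox are enabled
    # on this host.
    services.hercules-ci-agent.settings.labels = {
      darwin.label = config.system.darwinLabel;
      darwin.revision = config.system.darwinRevision;
      darwin.version = config.system.darwinVersion;
      darwin.nix.daemon = config.nix.useDaemon;
      darwin.nix.sandbox = config.nix.settings.sandbox;
    };
  };
}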