feat: reenable hercules-ci-agent(s)

Signed-off-by: Burgess Chang <[email protected]>

flake.nix

@@ -22,6 +22,21 @@
     ];
   };
 
+  # Applications
+  inputs = {
+    hercules-ci-agent = {
+      url = "github:hercules-ci/hercules-ci-agent/master";
+      inputs = {
+        nixpkgs = {
+          follows = "nixpkgs";
+        };
+        flake-parts = {
+          follows = "flake-parts";
+        };
+      };
+    };
+  };
+
   # Home Manager
   inputs = {
     home-manager = {
@@ -85,6 +100,9 @@
         };
       };
     };
+    flake-parts-haskell = {
+      url = "github:srid/haskell-flake/0.4.0";
+    };
     flake-utils = {
       url = "github:numtide/flake-utils/main";
       inputs = {

nix/soil/nixosConfigurations/eustoma/default.nix

@@ -7,7 +7,7 @@
   ...
 }:
 let
-  inherit (inputs) hardware lanzaboote;
+  inherit (inputs) hardware hercules-ci-agent lanzaboote;
   inherit (inputs.cells) apps fonts my-emacs;
 
   # This device will not be exposed to the public network. The domain
@@ -22,6 +22,7 @@ in
 {
   imports = [
     cell.nixosProfiles.dae
+    cell.nixosProfiles.hercules-ci-agent
     cell.nixosProfiles.libvirt
     cell.nixosSecrets.eustoma
     cell.nixosSuites.gnome-workstation
@@ -46,6 +47,7 @@ in
       overlays = [
         apps.overlays.unfree
         fonts.overlays.proprius-fonts
+        hercules-ci-agent.overlays.default
         lanzaboote.overlays.default
         my-emacs.overlays.emacs
       ];
@@ -134,6 +136,13 @@ in
       configFile = config.sops.secrets."dae/config.dae".path;
     };
 
+    hercules-ci-agent = {
+      settings = {
+        binaryCachesPath = config.sops.secrets."hercules-ci/binary-caches.json".path;
+        clusterJoinTokenPath = config.sops.secrets."hercules-ci/cluster-join-token.key".path;
+      };
+    };
+
     xserver = {
       videoDrivers = [ "modesetting" ];
     };

nix/soil/nixosConfigurations/lilac/default.nix

@@ -7,7 +7,7 @@
   ...
 }:
 let
-  inherit (inputs) hardware lanzaboote;
+  inherit (inputs) hardware hercules-ci-agent lanzaboote;
   inherit (inputs.cells) apps fonts my-emacs;
 
   # This device will not be exposed to the public network. The domain
@@ -22,9 +22,8 @@ in
 {
   imports = [
     cell.nixosProfiles.dae
+    cell.nixosProfiles.hercules-ci-agent
     cell.nixosProfiles.libvirt
-    # REVIEW re-enable after upstream compatibility with Cachix 1.7.3.
-    # cell.nixosProfiles.hercules-ci-agent
     cell.nixosSecrets.lilac
     cell.nixosSuites.gnome-workstation
     cell.nixosSuites.laptop
@@ -48,6 +47,7 @@ in
       overlays = [
         apps.overlays.unfree
         fonts.overlays.proprius-fonts
+        hercules-ci-agent.overlays.default
         lanzaboote.overlays.default
         my-emacs.overlays.emacs
       ];
@@ -166,13 +166,12 @@ in
       configFile = config.sops.secrets."dae/config.dae".path;
     };
 
-    # REVIEW re-enable after upstream compatibility with Cachix 1.7.3.
-    # hercules-ci-agent = {
-    #   settings = {
-    #     binaryCachesPath = config.sops.secrets."hercules-ci/binary-caches.json".path;
-    #     clusterJoinTokenPath = config.sops.secrets."hercules-ci/cluster-join-token.key".path;
-    #   };
-    # };
+    hercules-ci-agent = {
+      settings = {
+        binaryCachesPath = config.sops.secrets."hercules-ci/binary-caches.json".path;
+        clusterJoinTokenPath = config.sops.secrets."hercules-ci/cluster-join-token.key".path;
+      };
+    };
 
     xserver = {
       videoDrivers = [ "nvidia" ];

nix/soil/nixosSecrets/eustoma/default.nix

@@ -21,6 +21,18 @@ in
       "dae/config.dae" = {
         restartUnits = [ "dae.service" ];
       };
+
+      "hercules-ci/binary-caches.json" = {
+        mode = "0440";
+        owner = "hercules-ci-agent";
+        restartUnits = [ "hercules-ci-agent.service" ];
+      };
+
+      "hercules-ci/cluster-join-token.key" = {
+        mode = "0440";
+        owner = "hercules-ci-agent";
+        restartUnits = [ "hercules-ci-agent.service" ];
+      };
     };
   };
 }

nix/soil/nixosSecrets/lilac/default.nix

@@ -22,18 +22,17 @@ in
         restartUnits = [ "dae.service" ];
       };
 
-      # REVIEW re-enable after upstream compatibility with Cachix 1.7.3.
-      # "hercules-ci/binary-caches.json" = {
-      #   mode = "0440";
-      #   owner = "hercules-ci-agent";
-      #   restartUnits = [ "hercules-ci-agent.service" ];
-      # };
-      #
-      # "hercules-ci/cluster-join-token.key" = {
-      #   mode = "0440";
-      #   owner = "hercules-ci-agent";
-      #   restartUnits = [ "hercules-ci-agent.service" ];
-      # };
+      "hercules-ci/binary-caches.json" = {
+        mode = "0440";
+        owner = "hercules-ci-agent";
+        restartUnits = [ "hercules-ci-agent.service" ];
+      };
+
+      "hercules-ci/cluster-join-token.key" = {
+        mode = "0440";
+        owner = "hercules-ci-agent";
+        restartUnits = [ "hercules-ci-agent.service" ];
+      };
     };
   };
 }