settei/modules/system/common/hercules.nix

{isLinux}: {
  config,
  pkgs,
  lib,
  ...
}: let
  options = {
    common.hercules.enable = lib.mkEnableOption "Enables hercules-ci-agent with my configuration";
  };

  herculesUser =
    if isLinux
    then config.systemd.services.hercules-ci-agent.serviceConfig.User
    else config.launchd.daemons.hercules-ci-agent.serviceConfig.UserName;
in {
  _file = ./hercules.nix;

  inherit options;

  config = lib.mkIf false /* config.common.hercules.enable */ {
    age.secrets.hercules-token = {
      file = ../../../secrets/hercules-token.age;
      owner = herculesUser;
    };
    age.secrets.hercules-cache = {
      file = ../../../secrets/hercules-cache.age;
      owner = herculesUser;
    };
    age.secrets.hercules-secrets = {
      file = ../../../secrets/hercules-secrets.age;
      owner = herculesUser;
    };

    services.hercules-ci-agent = {
      enable = true;
      settings = {
        clusterJoinTokenPath = config.age.secrets.hercules-token.path;
        concurrentTasks = lib.mkDefault 4;
        binaryCachesPath = config.age.secrets.hercules-cache.path;
        secretsJsonPath = config.age.secrets.hercules-secrets.path;
      };
    };
  };
}