Deploy with NixOps
1. Bootstrap
Create a folder called mycompany-agents with a file:
let
hercules-ci-agent =
builtins.fetchTarball "https://github.com/hercules-ci/hercules-ci-agent/archive/stable.tar.gz";
in
{
network.description = "Hercules CI agents";
agent = {
imports = [
(hercules-ci-agent + "/module.nix")
];
services.hercules-ci-agent.enable = true;
services.hercules-ci-agent.concurrentTasks = 4; # Number of jobs to run
deployment.keys."cluster-join-token.key".keyFile = ./cluster-join-token.key;
deployment.keys."binary-caches.json".keyFile = ./binary-caches.json;
};
}
2. Pick provisioning target
Choose between backends. NixOps can deploy to:
An example physical specification:
{
agent = {
deployment.targetHost = "10.0.0.42"; # Your agent's IP address running NixOS
};
}
3. Get a cluster join token.
-
In the dashboard, find the account for which you would like to deploy the agent,
-
Select your deployment method, select the Generate a token tab and use the button.
-
Copy the token into a plain text file
/var/lib/hercules-ci-agent/secrets/cluster-join-token.key
.
4. Configure a binary cache
Write a file binary-caches.json
in the same directory as hercules-ci-agents.nix
.
Although a single agent works with empty {} binary cache configuration,
we highly recommend setting up a cache from the start.
Running without a cache will break some features and will cause unexpectedly long build times
due to eventual garbage collection.
|
On Cachix you can create a binary cache. After you complete the process, gather the keys into a binary-caches.json
file, replacing all placeholders:
{ "mycache": (1)
{ "kind": "CachixCache"
, "authToken": "eyJhaf23GH53a.bc23BUSI.9q3048hWHh" (2)
, "publicKeys": ["mycache.cachix.org-1:EjBSHzF6VmDnzqlldGXbi0RM3HdjfTU3yDRi9Pd0jTY="] (3)
, "signingKeys": ["uAhqM3jG..."] (4)
}
}
1 | The name of the Cachix cache; for example the mycache part from mycache.cachix.org . |
2 | Optional; only required for private binary caches. You may retrieve this from the Cachix Getting started instructions, step 3. |
3 | The public part of the signing key. Look for "Public Key" on your cache page (example page: https://mycache.cachix.org ). |
4 | A cache-specific secret key to sign store paths. You can find it in ~/.config/cachix/cachix.dhall or your key backup after following the setup instructions on cachix.org. Make sure you copy the right key if you have multiple in your cachix.dhall . |
For more detail, see The binary-caches.json format in the Reference.
|
5. Deploy
To avoid compiling the agent for hours you can use our binary cache to speed it up:
|
Deploy using:
$ nix-shell -p nixops -I nixpkgs=http://nixos.org/channels/nixos-19.09/nixexprs.tar.xz
$ nixops create -d my-agent ./hercules-ci-agents.nix ./hercules-ci-agents-target.nix
$ nixops deploy -d my-agent
The agent will start working as soon as the deployment has succeeded and builds are queued.
6. Repository Setup
The goal of this step is to make sure everything is set up correctly.
-
If you are familiar with Nix, set up your own git repository
-
Otherwise verify your agent setup with a minimal git repository
Troubleshooting
To inspect the agent’s local log, run nixops ssh agent journalctl -u hercules-ci-agent -n 100
to see the last 100 lines.