From 34d9e305293dfeab18eb765a0df450f7763739c1 Mon Sep 17 00:00:00 2001
From: RGBCube <git@rgbcu.be>
Date: Wed, 26 Feb 2025 03:00:12 +0300
Subject: [PATCH] fix

---
 hosts/best/hercules/default.nix | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/hosts/best/hercules/default.nix b/hosts/best/hercules/default.nix
index 3e6578f..c28f93c 100644
--- a/hosts/best/hercules/default.nix
+++ b/hosts/best/hercules/default.nix
@@ -1,11 +1,10 @@
 { self, config, lib, ... }: let
-  inherit (lib) enabled genAttrs removeAttrs;
+  inherit (lib) enabled removeAttrs;
 in {
-  secrets.awsCredentials = {
+  secrets.herculesCredentials = {
     file  = ./credentials.age;
     owner = "hercules-ci-agent";
   };
-
   secrets.herculesCaches = {
     file  = ./caches.age;
     owner = "hercules-ci-agent";
@@ -19,11 +18,12 @@ in {
     owner = "hercules-ci-agent";
   };
 
-  home-manager.users = genAttrs [ "hercules-ci-agent" "root" ] (_: homeArgs: let
-    homeLib    = homeArgs.config.lib;
-  in {
-    home.file.".aws/credentials".source = homeLib.file.mkOutOfStoreSymlink config.secrets.awsCredentials.path;
-  });
+  systemd.services.hercules-ci-agent.environment = {
+    AWS_SHARED_CREDENTIALS_FILE = config.secrets.herculesCredentials.path;
+
+    # AWS SDK is incredibly gay and will continuously try to contact 169.254.169.254 for EC2 metadata.
+    AWS_EC2_METADATA_DISABLED = "true";
+  };
 
   services.hercules-ci-agent = enabled {
     settings = {