Add optional autoscaler cross-account assume-role support

nix/modules/nixos/services/nix-builder-autoscaler.nix

@@ -97,6 +97,12 @@ in
         default = "";
         description = "Optional instance profile ARN override.";
       };
+
+      assumeRoleArnFile = lib.mkOption {
+        type = lib.types.nullOr lib.types.str;
+        default = null;
+        description = "Optional file containing an IAM role ARN for cross-account autoscaler control-plane calls.";
+      };
     };
 
     haproxy = {
@@ -329,6 +335,9 @@ in
                 ${lib.optionalString (cfg.aws.onDemandLaunchTemplateIdFile != null) ''
                   on_demand_launch_template_id="$(tr -d '\n' < ${lib.escapeShellArg cfg.aws.onDemandLaunchTemplateIdFile})"
                 ''}
+                ${lib.optionalString (cfg.aws.assumeRoleArnFile != null) ''
+                  assume_role_arn="$(tr -d '\n' < ${lib.escapeShellArg cfg.aws.assumeRoleArnFile})"
+                ''}
 
                 cat > ${generatedConfigPath} <<EOF
         [server]
@@ -346,6 +355,7 @@ in
         subnet_ids = $subnet_ids_json
         security_group_ids = ${tomlStringList cfg.aws.securityGroupIds}
         instance_profile_arn = "${cfg.aws.instanceProfileArn}"
+        ${lib.optionalString (cfg.aws.assumeRoleArnFile != null) ''assume_role_arn = "$assume_role_arn"''}
 
         [haproxy]
         runtime_socket = "${cfg.haproxy.runtimeSocket}"