diff options
| author | KJ Ørbekk <kj@orbekk.com> | 2017-06-02 08:20:06 -0400 |
|---|---|---|
| committer | KJ Ørbekk <kj@orbekk.com> | 2017-06-02 08:20:06 -0400 |
| commit | 54b7f2f833332da58055047568690d979906898f (patch) | |
| tree | 293efc3b11c7f74db072d2dcaa2fcbd48f6ca57c | |
| parent | b72b0e332b7a930001e598cdd006ab10b868b2c8 (diff) | |
hydra: Fix binary cache key paths
| -rw-r--r-- | config/hydra.nix | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/config/hydra.nix b/config/hydra.nix index 2d6dd41..aec1d73 100644 --- a/config/hydra.nix +++ b/config/hydra.nix @@ -10,8 +10,12 @@ in hydraURL = "https://hydra.orbekk.com"; notificationSender = "kj+hydra@orbekk.com"; port = hydraPort; + extraConfig = '' + store-uri = file:///nix/store?secret-key=/opt/secret/hydra_key/hydra.orbekk.com-1/secret + ''; }; + # From https://github.com/input-output-hk/iohk-nixops systemd.services.hydra-manual-setup = { description = "Create Keys for Hydra"; serviceConfig.Type = "oneshot"; @@ -21,15 +25,15 @@ in after = [ "hydra-init.service" ]; environment = config.systemd.services.hydra-init.environment; script = '' - if [ ! -e ~hydra/.setup-is-complete ]; then + if [ ! -e /opt/secret/hydra_key/initialized ]; then # create signing keys /run/current-system/sw/bin/install -d -m 551 /opt/secret/hydra_key/hydra.orbekk.com-1 /run/current-system/sw/bin/nix-store --generate-binary-cache-key hydra.orbekk.com-1 /opt/secret/hydra_key/hydra.orbekk.com-1/secret /opt/secret/hydra_key/hydra.orbekk.com-1/public /run/current-system/sw/bin/chown -R hydra:hydra /opt/secret/hydra_key - /run/current-system/sw/bin/chmod 440 /etc/nix/hydra.iohk.io-1/secret - /run/current-system/sw/bin/chmod 444 /etc/nix/hydra.iohk.io-1/public + /run/current-system/sw/bin/chmod 440 /opt/secret/hydra_key/hydra.orbekk.com-1/secret + /run/current-system/sw/bin/chmod 444 /opt/secret/hydra_key/hydra.orbekk.com-1/public # done - touch ~hydra/.setup-is-complete + touch /opt/secret/hydra_key/initialized fi ''; }; |