hydra: Fix binary cache key paths

1 files changed, 8 insertions, 4 deletions

diff --git a/config/hydra.nix b/config/hydra.nix
index 2d6dd41..aec1d73 100644
--- a/config/hydra.nix
+++ b/config/hydra.nix
@@ -10,8 +10,12 @@ in
     hydraURL = "https://hydra.orbekk.com";
     notificationSender = "kj+hydra@orbekk.com";
     port = hydraPort;
+    extraConfig = ''
+      store-uri = file:///nix/store?secret-key=/opt/secret/hydra_key/hydra.orbekk.com-1/secret
+    '';
   };
 
+  # From https://github.com/input-output-hk/iohk-nixops
   systemd.services.hydra-manual-setup = {
     description = "Create Keys for Hydra";
     serviceConfig.Type = "oneshot";
@@ -21,15 +25,15 @@ in
     after = [ "hydra-init.service" ];
     environment = config.systemd.services.hydra-init.environment;
     script = ''
-      if [ ! -e ~hydra/.setup-is-complete ]; then
+      if [ ! -e /opt/secret/hydra_key/initialized ]; then
         # create signing keys
         /run/current-system/sw/bin/install -d -m 551 /opt/secret/hydra_key/hydra.orbekk.com-1
         /run/current-system/sw/bin/nix-store --generate-binary-cache-key hydra.orbekk.com-1 /opt/secret/hydra_key/hydra.orbekk.com-1/secret /opt/secret/hydra_key/hydra.orbekk.com-1/public
         /run/current-system/sw/bin/chown -R hydra:hydra /opt/secret/hydra_key
-        /run/current-system/sw/bin/chmod 440 /etc/nix/hydra.iohk.io-1/secret
-        /run/current-system/sw/bin/chmod 444 /etc/nix/hydra.iohk.io-1/public
+        /run/current-system/sw/bin/chmod 440 /opt/secret/hydra_key/hydra.orbekk.com-1/secret
+        /run/current-system/sw/bin/chmod 444 /opt/secret/hydra_key/hydra.orbekk.com-1/public
         # done
-        touch ~hydra/.setup-is-complete
+        touch /opt/secret/hydra_key/initialized
       fi
     '';
   };