diff options
| -rw-r--r-- | config/hydra.nix | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/config/hydra.nix b/config/hydra.nix index 2d6dd41..aec1d73 100644 --- a/config/hydra.nix +++ b/config/hydra.nix @@ -10,8 +10,12 @@ in hydraURL = "https://hydra.orbekk.com"; notificationSender = "kj+hydra@orbekk.com"; port = hydraPort; + extraConfig = '' + store-uri = file:///nix/store?secret-key=/opt/secret/hydra_key/hydra.orbekk.com-1/secret + ''; }; + # From https://github.com/input-output-hk/iohk-nixops systemd.services.hydra-manual-setup = { description = "Create Keys for Hydra"; serviceConfig.Type = "oneshot"; @@ -21,15 +25,15 @@ in after = [ "hydra-init.service" ]; environment = config.systemd.services.hydra-init.environment; script = '' - if [ ! -e ~hydra/.setup-is-complete ]; then + if [ ! -e /opt/secret/hydra_key/initialized ]; then # create signing keys /run/current-system/sw/bin/install -d -m 551 /opt/secret/hydra_key/hydra.orbekk.com-1 /run/current-system/sw/bin/nix-store --generate-binary-cache-key hydra.orbekk.com-1 /opt/secret/hydra_key/hydra.orbekk.com-1/secret /opt/secret/hydra_key/hydra.orbekk.com-1/public /run/current-system/sw/bin/chown -R hydra:hydra /opt/secret/hydra_key - /run/current-system/sw/bin/chmod 440 /etc/nix/hydra.iohk.io-1/secret - /run/current-system/sw/bin/chmod 444 /etc/nix/hydra.iohk.io-1/public + /run/current-system/sw/bin/chmod 440 /opt/secret/hydra_key/hydra.orbekk.com-1/secret + /run/current-system/sw/bin/chmod 444 /opt/secret/hydra_key/hydra.orbekk.com-1/public # done - touch ~hydra/.setup-is-complete + touch /opt/secret/hydra_key/initialized fi ''; }; |