summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--config/hydra.nix24
1 files changed, 23 insertions, 1 deletions
diff --git a/config/hydra.nix b/config/hydra.nix
index 11fc806..2d6dd41 100644
--- a/config/hydra.nix
+++ b/config/hydra.nix
@@ -11,7 +11,29 @@ in
notificationSender = "kj+hydra@orbekk.com";
port = hydraPort;
};
-
+
+ systemd.services.hydra-manual-setup = {
+ description = "Create Keys for Hydra";
+ serviceConfig.Type = "oneshot";
+ serviceConfig.RemainAfterExit = true;
+ wantedBy = [ "multi-user.target" ];
+ requires = [ "hydra-init.service" ];
+ after = [ "hydra-init.service" ];
+ environment = config.systemd.services.hydra-init.environment;
+ script = ''
+ if [ ! -e ~hydra/.setup-is-complete ]; then
+ # create signing keys
+ /run/current-system/sw/bin/install -d -m 551 /opt/secret/hydra_key/hydra.orbekk.com-1
+ /run/current-system/sw/bin/nix-store --generate-binary-cache-key hydra.orbekk.com-1 /opt/secret/hydra_key/hydra.orbekk.com-1/secret /opt/secret/hydra_key/hydra.orbekk.com-1/public
+ /run/current-system/sw/bin/chown -R hydra:hydra /opt/secret/hydra_key
+ /run/current-system/sw/bin/chmod 440 /etc/nix/hydra.iohk.io-1/secret
+ /run/current-system/sw/bin/chmod 444 /etc/nix/hydra.iohk.io-1/public
+ # done
+ touch ~hydra/.setup-is-complete
+ fi
+ '';
+ };
+
nix = {
distributedBuilds = true;
nrBuildUsers = 30;