1 files changed, 23 insertions, 1 deletions

diff --git a/config/hydra.nix b/config/hydra.nix
index 11fc806..2d6dd41 100644
--- a/config/hydra.nix
+++ b/config/hydra.nix
@@ -11,7 +11,29 @@ in
     notificationSender = "kj+hydra@orbekk.com";
     port = hydraPort;
   };
-  
+
+  systemd.services.hydra-manual-setup = {
+    description = "Create Keys for Hydra";
+    serviceConfig.Type = "oneshot";
+    serviceConfig.RemainAfterExit = true;
+    wantedBy = [ "multi-user.target" ];
+    requires = [ "hydra-init.service" ];
+    after = [ "hydra-init.service" ];
+    environment = config.systemd.services.hydra-init.environment;
+    script = ''
+      if [ ! -e ~hydra/.setup-is-complete ]; then
+        # create signing keys
+        /run/current-system/sw/bin/install -d -m 551 /opt/secret/hydra_key/hydra.orbekk.com-1
+        /run/current-system/sw/bin/nix-store --generate-binary-cache-key hydra.orbekk.com-1 /opt/secret/hydra_key/hydra.orbekk.com-1/secret /opt/secret/hydra_key/hydra.orbekk.com-1/public
+        /run/current-system/sw/bin/chown -R hydra:hydra /opt/secret/hydra_key
+        /run/current-system/sw/bin/chmod 440 /etc/nix/hydra.iohk.io-1/secret
+        /run/current-system/sw/bin/chmod 444 /etc/nix/hydra.iohk.io-1/public
+        # done
+        touch ~hydra/.setup-is-complete
+      fi
+    '';
+  };  
+
   nix = {
     distributedBuilds = true;
     nrBuildUsers = 30;