| author | Max Audron <audron@cocaine.farm> | 2024-03-29 12:09:04 +0100 |
|---|---|---|
| committer | Max Audron <audron@cocaine.farm> | 2024-03-29 12:09:04 +0100 |
| commit | bfd3886bc530d98f9bee85f2fc8233797ffe6ce3 (patch) | |
| tree | 5f8fec2503d5aaf09ef8b9e6b42ceb5dc058424d | |
| parent | extend postgresql hpa for podman ips (diff) | |
add hydra secrets
| -rw-r--r-- | modules/hydra/default.nix | 32 | ||||
| -rw-r--r-- | modules/hydra/hydra.conf | 8 |
2 files changed, 35 insertions, 5 deletions
diff --git a/modules/hydra/default.nix b/modules/hydra/default.nix
index 7e0064b..8a7c353 100644
--- a/modules/hydra/default.nix
+++ b/modules/hydra/default.nix
@@ -11,15 +11,37 @@ with self.lib.nginx;
 extraConfig = lib.readFile ./hydra.conf;
 };
- secrets = {
- hydraLdap = {
- source = ../../secrets/authentik/hydra;
- dest = "/var/lib/hydra/ldap-password.conf";
+ secrets =
+ let owner = "hydra"; group = "hydra"; permissions = "0440";
+ in
+ {
+ hydraLdap = {
+ inherit owner group permissions;
+ source = ../../secrets/hydra/ldap-password.conf;
+ dest = "/var/lib/hydra/ldap-password.conf";
+ };
+
+ hydraGit = {
+ inherit owner group permissions;
+ source = ../../secrets/hydra/git.conf;
+ dest = "/var/lib/hydra/git.conf";
+ };
+
+ hydraPrivKey = {
+ inherit owner group permissions;
+ source = ../../secrets/hydra/priv.key;
+ dest = "/var/lib/hydra/priv.key";
+ };
+
+ hydraPubKey = {
+ inherit owner group permissions;
+ source = ../../secrets/hydra/pub.key;
+ dest = "/var/lib/hydra/pub.key";
+ };
 };
- };
 services.nginx = {
 enable = true;
diff --git a/modules/hydra/hydra.conf b/modules/hydra/hydra.conf
index 27a1046..92114e2 100644
--- a/modules/hydra/hydra.conf
+++ b/modules/hydra/hydra.conf
@@ -1,3 +1,11 @@
+store_uri = file:///srv/nix-cache?secret-key=/var/lib/hydra/priv.key
+
+include /var/lib/hydra/git.conf
+
+<dynamicruncommand>
+ enable = 1
+</dynamicruncommand>
+
 <ldap>
 <config>
 <credential> |
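Review bot: `hydraPrivKey` inherits the shared `group = "hydra"` and `permissions = "0440"` from the `let`, so the binary-cache signing key at `/var/lib/hydra/priv.key` is readable by every account in the `hydra` group rather than only by the service that signs. If this host uses the stock NixOS Hydra module, that group also contains the web front-end account, which presumably has no need for the key; this is worth confirming. I would override the defaults for that one entry, e.g. `inherit group; owner = "hydra-queue-runner"; permissions = "0400";`, with the owner checked against whichever unit actually consumes `secret-key`. `hydraPubKey` is not confidential and does not need to go through the secrets mechanism at all. The enclosing attribute set starts and ends outside the hunk, and the module that consumes `source`/`dest` is not visible, so whether these `source` paths are decrypted at activation or copied into the world-readable Nix store cannot be verified from this diff.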
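Review bot: `<dynamicruncommand> enable = 1` is unrelated to the "add hydra secrets" title and is the line in this hunk that most needs a recorded justification, because it turns on the server-level switch that lets projects and jobsets supply hook commands which Hydra then executes on this host. With the signing key and `git.conf` from the `default.nix` hunk readable by the whole `hydra` group, anyone able to define such a hook is effectively trusted with those files, assuming hooks run under a Hydra service account. I would move the setting to its own commit or document the decision next to it, e.g. `# dynamic RunCommand: jobset-defined commands run on this host; enable per project/jobset only for trusted repositories`, and prefer static `<runcommand>` blocks if the set of hooks is fixed. The new `include /var/lib/hydra/git.conf` also makes the configuration depend on that secret being deployed before Hydra starts, which nothing visible here guarantees. The `<ldap>` block continues outside the hunk.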
