| author | Max Audron <audron@cocaine.farm> | 2024-03-29 12:09:04 +0100 |
|---|---|---|
| committer | Max Audron <audron@cocaine.farm> | 2024-03-29 12:09:04 +0100 |
| commit | bfd3886bc530d98f9bee85f2fc8233797ffe6ce3 (patch) | |
| tree | 5f8fec2503d5aaf09ef8b9e6b42ceb5dc058424d /modules/hydra/default.nix | |
| parent | extend postgresql hpa for podman ips (diff) | |
add hydra secrets
Diffstat (limited to 'modules/hydra/default.nix')
| -rw-r--r-- | modules/hydra/default.nix | 32 |
1 files changed, 27 insertions, 5 deletions
diff --git a/modules/hydra/default.nix b/modules/hydra/default.nix
index 7e0064b..8a7c353 100644
--- a/modules/hydra/default.nix
+++ b/modules/hydra/default.nix
@@ -11,15 +11,37 @@ with self.lib.nginx;
 extraConfig = lib.readFile ./hydra.conf;
 };
- secrets = {
- hydraLdap = {
- source = ../../secrets/authentik/hydra;
- dest = "/var/lib/hydra/ldap-password.conf";
+ secrets =
+ let owner = "hydra"; group = "hydra"; permissions = "0440";
+ in
+ {
+ hydraLdap = {
+ inherit owner group permissions;
+ source = ../../secrets/hydra/ldap-password.conf;
+ dest = "/var/lib/hydra/ldap-password.conf";
+ };
+
+ hydraGit = {
+ inherit owner group permissions;
+ source = ../../secrets/hydra/git.conf;
+ dest = "/var/lib/hydra/git.conf";
+ };
+
+ hydraPrivKey = {
+ inherit owner group permissions;
+ source = ../../secrets/hydra/priv.key;
+ dest = "/var/lib/hydra/priv.key";
+ };
+
+ hydraPubKey = {
+ inherit owner group permissions;
+ source = ../../secrets/hydra/pub.key;
+ dest = "/var/lib/hydra/pub.key";
+ };
 };
- };
 services.nginx = {
 enable = true; |
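Review bot: `hydraPrivKey` inherits the same `permissions = "0440"` as the public key and the two config fragments, so `/var/lib/hydra/priv.key` is readable by every member of the `hydra` group, not only by the account that uses the key. If a single service consumes it, give that entry its own mode, i.e. `inherit owner group;` followed by `permissions = "0400";`, and add a short comment on each entry naming the Hydra component that reads the file. Separately, the `source` values are Nix path literals, and the `secrets` module that consumes them is not visible in this hunk. It is worth confirming that the files under `../../secrets/hydra/` are stored encrypted and are not copied in plaintext into the world-readable Nix store at evaluation time.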
