-rw-r--r--modules/hydra/default.nix32
-rw-r--r--modules/hydra/hydra.conf8
2 files changed, 35 insertions, 5 deletions
diff --git a/modules/hydra/default.nix b/modules/hydra/default.nix
index 7e0064b..8a7c353 100644
--- a/modules/hydra/default.nix
+++ b/modules/hydra/default.nix
@@ -11,15 +11,37 @@ with self.lib.nginx;
extraConfig = lib.readFile ./hydra.conf;
};
- secrets = {
- hydraLdap = {
- source = ../../secrets/authentik/hydra;
- dest = "/var/lib/hydra/ldap-password.conf";
+ secrets =
+ let
owner = "hydra";
group = "hydra";
permissions = "0440";
+ in
+ {
+ hydraLdap = {
+ inherit owner group permissions;
+ source = ../../secrets/hydra/ldap-password.conf;
+ dest = "/var/lib/hydra/ldap-password.conf";
+ };
+
+ hydraGit = {
+ inherit owner group permissions;
+ source = ../../secrets/hydra/git.conf;
+ dest = "/var/lib/hydra/git.conf";
+ };
+
+ hydraPrivKey = {
+ inherit owner group permissions;
+ source = ../../secrets/hydra/priv.key;
+ dest = "/var/lib/hydra/priv.key";
+ };
+
+ hydraPubKey = {
+ inherit owner group permissions;
+ source = ../../secrets/hydra/pub.key;
+ dest = "/var/lib/hydra/pub.key";
+ };
};
- };
services.nginx = {
enable = true;
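Review bot: `hydraPrivKey` inherits the same `owner`/`group`/`permissions` as the other entries, so the cache signing key at `/var/lib/hydra/priv.key` is readable by every account in group `hydra`, not only the process that signs store paths. Consider overriding it on that entry, e.g. `permissions = "0400";` with `owner` set to whichever user performs the signing. That user is not visible in this hunk, so confirm it before tightening. The `source` values are Nix path literals; if the `secrets` module (defined outside this hunk) does not decrypt them at activation time, the plaintext key would be copied into the world-readable store, so a comment stating that these files are encrypted at rest would help. `hydraPubKey` is not secret and could live outside the `secrets` set.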
diff --git a/modules/hydra/hydra.conf b/modules/hydra/hydra.conf
index 27a1046..92114e2 100644
--- a/modules/hydra/hydra.conf
+++ b/modules/hydra/hydra.conf
@@ -1,3 +1,11 @@
+store_uri = file:///srv/nix-cache?secret-key=/var/lib/hydra/priv.key
+
+include /var/lib/hydra/git.conf
+
+<dynamicruncommand>
+ enable = 1
+</dynamicruncommand>
+
<ldap>
<config>
<credential>
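Review bot: The `<dynamicruncommand>` block with `enable = 1` turns on the server-level switch for jobset-declared RunCommand hooks, which execute on the Hydra host, and nothing here records which projects are meant to use it. Hydra also requires the feature to be enabled per project and per jobset, so this line is not sufficient on its own, but it does remove the server-wide safeguard. Add a comment above the block such as `# dynamic RunCommand: hooks come from evaluated jobsets and run on this host; enable per project only where all inputs are trusted`. If the hook process runs under an account in group `hydra` (not shown here), it can also read the signing key named in `store_uri` and the LDAP password file, which is a further reason to narrow those file modes.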