From bfd3886bc530d98f9bee85f2fc8233797ffe6ce3 Mon Sep 17 00:00:00 2001 From: Max Audron Date: Fri, 29 Mar 2024 12:09:04 +0100 Subject: add hydra secrets --- modules/hydra/default.nix | 32 +++++++++++++++++++++++++++----- modules/hydra/hydra.conf | 8 ++++++++ 2 files changed, 35 insertions(+), 5 deletions(-) diff --git a/modules/hydra/default.nix b/modules/hydra/default.nix index 7e0064b..8a7c353 100644 --- a/modules/hydra/default.nix +++ b/modules/hydra/default.nix @@ -11,15 +11,37 @@ with self.lib.nginx; extraConfig = lib.readFile ./hydra.conf; }; - secrets = { - hydraLdap = { - source = ../../secrets/authentik/hydra; - dest = "/var/lib/hydra/ldap-password.conf"; + secrets = + let owner = "hydra"; group = "hydra"; permissions = "0440"; + in + { + hydraLdap = { + inherit owner group permissions; + source = ../../secrets/hydra/ldap-password.conf; + dest = "/var/lib/hydra/ldap-password.conf"; + }; + + hydraGit = { + inherit owner group permissions; + source = ../../secrets/hydra/git.conf; + dest = "/var/lib/hydra/git.conf"; + }; + + hydraPrivKey = { + inherit owner group permissions; + source = ../../secrets/hydra/priv.key; + dest = "/var/lib/hydra/priv.key"; + }; + + hydraPubKey = { + inherit owner group permissions; + source = ../../secrets/hydra/pub.key; + dest = "/var/lib/hydra/pub.key"; + }; }; - }; services.nginx = { enable = true; diff --git a/modules/hydra/hydra.conf b/modules/hydra/hydra.conf index 27a1046..92114e2 100644 --- a/modules/hydra/hydra.conf +++ b/modules/hydra/hydra.conf @@ -1,3 +1,11 @@ +store_uri = file:///srv/nix-cache?secret-key=/var/lib/hydra/priv.key + +include /var/lib/hydra/git.conf + + + enable = 1 + + -- cgit v1.2.3
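Review bot: All four secrets share one `permissions = "0440"` with `group = "hydra"`, so the cache signing key `priv.key` and the credentials in `git.conf` are readable by every member of that group, which with the standard NixOS hydra module includes the web-frontend user (hydra-www) as well as hydra-queue-runner. Before tightening, check which hydra processes actually open `store_uri` — Nix's binary-cache store reads the `secret-key` file when the store is opened, not only when signing, so a too-narrow mode breaks whichever other daemon is configured with that URI — and then give `hydraPrivKey` and `hydraGit` the narrowest owner/mode that still works, e.g. `owner = "hydra-queue-runner"; permissions = "0400";` if the queue runner turns out to be the only reader. `pub.key` is the distributable half and needs no 0440 treatment. Separately, the `source` values are Nix path literals; if the secrets module ever interpolates them into a string or derivation the files land world-readable in `/nix/store` and in any cache fed from this host, so a one-line comment stating that the module copies them out-of-band at deploy time (if that is how it works) would save the next reader from having to verify it. The `secrets` attribute set belongs to a module expression that starts and ends outside the hunk.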
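Review bot: The new `store_uri` and `include` lines introduce two trust boundaries with no explanation, and the config format accepts `#` comments, so each deserves one. Above `store_uri` I would put `# Paths copied to the file:// cache are signed with priv.key; consumers accept them only after adding pub.key to nix.settings.trusted-public-keys`, and above `include` a line stating what `git.conf` holds (presumably credentials for git inputs — confirm) and that it is deployed to /var/lib/hydra by the secrets module rather than written here, because this file is embedded in the Nix store via `lib.readFile ./hydra.conf` (visible in the other hunk) and anything placed in it directly becomes world-readable. Several of the added lines appear to be blank and can be dropped. If `git.conf` is ever missing at startup, hydra will fail to parse its config rather than degrade, so the deploy ordering between the secrets module and the hydra services is worth a sentence in the module as well.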