Update hydra service with sops options.
This commit is contained in:
parent
c2aa9993ec
commit
1c9cd2be49
1 changed files with 6 additions and 2 deletions
|
@ -42,7 +42,7 @@ in mkIf (elem "hydra" config.machine.services) {
|
||||||
# hydra.conf: binary_cache_secret_key_file is deprecated and ignored. use store_uri=...?secret-key= instead
|
# hydra.conf: binary_cache_secret_key_file is deprecated and ignored. use store_uri=...?secret-key= instead
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
max_output_size = 4294967296
|
max_output_size = 4294967296
|
||||||
store_uri = file://${cacheDir}?secret-key=${cfg.secretPath}/hydra_cache&write-nar-listing=1&ls-compression=br&log-compression=br
|
store_uri = file://${cacheDir}?secret-key=${config.sops.secrets."services.hydra.secretKey".path}&write-nar-listing=1&ls-compression=br&log-compression=br
|
||||||
# add ?local-nar-cache= to set nar cache location
|
# add ?local-nar-cache= to set nar cache location
|
||||||
server_store_uri = https://cache.${cfg.domain}
|
server_store_uri = https://cache.${cfg.domain}
|
||||||
binary_cache_public_uri https://cache.${cfg.domain}
|
binary_cache_public_uri https://cache.${cfg.domain}
|
||||||
|
@ -54,7 +54,7 @@ in mkIf (elem "hydra" config.machine.services) {
|
||||||
enable = true;
|
enable = true;
|
||||||
bindAddress = "0.0.0.0";
|
bindAddress = "0.0.0.0";
|
||||||
port = 5000;
|
port = 5000;
|
||||||
secretKeyFile = "${cfg.secretPath}/hydra_cache";
|
secretKeyFile = config.sops.secrets."services.hydra.secretKey".path;
|
||||||
extraParams = ''
|
extraParams = ''
|
||||||
# Dont know how to change the store root yet...
|
# Dont know how to change the store root yet...
|
||||||
# --user hydra-queue-runner
|
# --user hydra-queue-runner
|
||||||
|
@ -64,4 +64,8 @@ in mkIf (elem "hydra" config.machine.services) {
|
||||||
};
|
};
|
||||||
systemd.services.nix-serve.serviceConfig.User = mkForce "hydra";
|
systemd.services.nix-serve.serviceConfig.User = mkForce "hydra";
|
||||||
systemd.services.nix-serve.environment.NIX_STORE_DIR = cacheDir;
|
systemd.services.nix-serve.environment.NIX_STORE_DIR = cacheDir;
|
||||||
|
sops.secrets."services/hydra/secretKey" = {
|
||||||
|
owner = "hydra";
|
||||||
|
group = "hydra";
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue