Make secret path configurable (mainly for container support).

'/secret/hostName' is still required.

services/hydra.nix

@@ -36,7 +36,7 @@ mkIf (elem "hydra" config.machine.services) {
     # hydra.conf: binary_cache_secret_key_file is deprecated and ignored. use store_uri=...?secret-key= instead
     extraConfig = ''
       max_output_size = 4294967296
-      store_uri = file:///var/cache/hydra?secret-key=/secret/hydra_cache&write-nar-listing=1&ls-compression=br&log-compression=br
+      store_uri = file:///var/cache/hydra?secret-key=${config.machine.secretPath}/hydra_cache&write-nar-listing=1&ls-compression=br&log-compression=br
       # add ?local-nar-cache= to set nar cache location
       server_store_uri = https://cache.${config.machine.domain}
       binary_cache_public_uri https://cache.${config.machine.domain}
@@ -48,7 +48,7 @@ mkIf (elem "hydra" config.machine.services) {
     enable = true;
     bindAddress = "0.0.0.0";
     port = 5000;
-    secretKeyFile = "/secret/hydra_cache";
+    secretKeyFile = "${config.machine.secretPath}/hydra_cache";
     extraParams = ''
 # Dont know how to change the store root yet...
 #      --user hydra-queue-runner