server7: add Nix signing post-build-hook

2020-04-15 18:56:00 +02:00 · 2020-04-15 18:56:00 +02:00 · c0970654bb
parent d2f65be2e4
commit c0970654bb
1 changed files with 9 additions and 1 deletions
--- a/hosts/server7/default.nix
+++ b/hosts/server7/default.nix
@ -81,9 +81,17 @@ in {

  nix = {
    package = pkgs.nixFlakes;
-    extraOptions = "experimental-features = nix-command flakes ca-references";
    gc.automatic = true;
    optimise.automatic = true;
+    extraOptions = ''
+      experimental-features = nix-command flakes ca-references
+      post-build-hook = ${
+        pkgs.writeScript "post-build-sign-paths" ''
+          #!${pkgs.runtimeShell}
+          nix sign-paths --key-file /var/lib/nix-serve.key $OUT_PATHS
+        ''
+      }
+    '';
  };

  virtualisation.docker.enable = true;