added key deployment tool.

deployments/ci.nix

@@ -69,7 +69,7 @@ in
         chownsec = {
           text = ''
               mkdir -p /run/secrets/
-              chown -R ${config.users.users.hydra-queue-runner.uid}:${config.users.groups.hydra.gid} /run/secrets
+              chown -R ${builtins.toString config.users.users.hydra-queue-runner.uid}:${builtins.toString config.users.groups.hydra.gid} /run/secrets
             '';
             deps = [];
           };

deployments/send-secret.sh

+#!/usr/bin/env bash
+
+echo "extracting/sending hydra-master secret key from password store"
+pass keys/rsa/PRIVATE/hydra-master@chameleon | ssh root@129.114.111.116 'cat > /run/secrets/id_buildfarm'
+echo "chown-ing the key on the machine"
+ssh root@129.114.111.116 'chown hydra-queue-runner:hydra /run/secrets/id_buildfarm'