From d59df08cc896f9d6f301b6f0fe4c2a4a03757ee3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vili=20Sinerv=C3=A4?= <vili.m.sinerva@gmail.com>
Date: Fri, 13 Jun 2025 13:24:14 +0300
Subject: [PATCH] Add HTTPS nix cache to hydra

---
 servers/hydra.nix | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/servers/hydra.nix b/servers/hydra.nix
index 2696482..8d6524d 100644
--- a/servers/hydra.nix
+++ b/servers/hydra.nix
@@ -1,6 +1,7 @@
 { lib, ... }:
 let
-  domain = "ci.sinerva.eu";
+  hydra_domain = "ci.sinerva.eu";
+  cache_domain = "cache.sinerva.eu";
 in
 {
   imports = [
@@ -13,7 +14,7 @@ in
   services = {
     hydra = {
       enable = true;
-      hydraURL = "https://${domain}";
+      hydraURL = "https://${hydra_domain}";
       listenHost = "localhost";
       notificationSender = "hydra@sinerva.eu";
       port = 8080;
@@ -25,8 +26,20 @@ in
       '';
     };
 
-    nginx.virtualHosts.${domain}.locations."/" = {
-      proxyPass = "http://localhost:8080";
+    nix-serve = {
+      enable = true;
+      bindAddress = "127.0.0.2";
+      port = 8081;
+      secretKeyFile = "/persist/secrets/priv_cache_key";
+    };
+
+    nginx.virtualHosts = {
+      ${hydra_domain}.locations."/" = {
+        proxyPass = "http://localhost:8080";
+      };
+      ${cache_domain}.locations."/" = {
+        proxyPass = "http://localhost:8081";
+      };
     };
   };