# NixOS module for the CI host: a Hydra instance and a nix-serve binary cache.
# Both daemons bind to loopback addresses and are published through nginx
# virtual hosts. TLS/ACME handling is presumably done by the two imported
# ./utils modules, which are not visible here -- confirm there.
{ config, lib, ... }:
let
  hydraDomain = "ci.sinerva.eu";
  cacheDomain = "cache.sinerva.eu";

  # Listen endpoints are named once so the nginx upstreams below cannot drift
  # away from the addresses the services actually bind to.
  hydraPort = 8080;
  cacheAddr = "127.0.0.2";
  cachePort = 8081;
in
{
  imports = [
    ./utils/nginx-https-server.nix
    ./utils/acme-http-client.nix
  ];

  # aarch64-linux builds run on this host through binfmt emulation.
  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];

  # Signing key for the binary cache, decrypted by sops-nix at activation.
  # Every client that trusts the matching public key trusts whatever this key
  # signs, so treat ../secrets/ci.yaml and the decrypted path as high value.
  sops.secrets.priv-cache-key.sopsFile = ../secrets/ci.yaml;

  # Hydra's home directory: owner and group only, no access for others.
  systemd.tmpfiles.settings."hydra-home"."/var/lib/hydra".d = {
    user = "hydra";
    group = "hydra";
    mode = "0750";
  };

  # State kept under /persist: the PostgreSQL data directory and the marker
  # file /var/lib/hydra/.db-created.
  environment.persistence."/persist" = {
    files = [ "/var/lib/hydra/.db-created" ];
    directories = [
      {
        directory = "/var/lib/postgresql";
        # NOTE(review): the stock NixOS PostgreSQL module runs as user/group
        # "postgres"; confirm that a "postgresql" account really exists on
        # this host, otherwise the ownership below cannot be applied.
        user = "postgresql";
        group = "postgresql";
        mode = "u=rwx,g=rx,o=";
      }
    ];
  };

  # Start hydra-server only once the network is reported online.
  systemd.services.hydra-server = {
    wants = [ "network-online.target" ];
    after = [ "network-online.target" ];
  };

  services = {
    hydra = {
      enable = true;
      hydraURL = "https://${hydraDomain}";
      notificationSender = "hydra@sinerva.eu";
      # Loopback only; external traffic arrives through the nginx vhost.
      listenHost = "localhost";
      port = hydraPort;
      # Build inputs may be substituted from the configured binary caches
      # instead of being built locally; substituted paths end up in the same
      # store that nix-serve exports below.
      useSubstitutes = true;
      # NOTE(review): a bare top-level `enable = 1` is unusual for hydra.conf;
      # such switches normally sit inside a section block (for example
      # <dynamicruncommand>). The section tags may have been lost when this
      # page was extracted -- check the original file and review what the
      # intended section permits jobsets to do.
      extraConfig = '' enable = 1 '';
    };

    nix-serve = {
      enable = true;
      # Loopback only; external traffic arrives through the nginx vhost.
      bindAddress = cacheAddr;
      port = cachePort;
      # Path of the sops-decrypted signing key declared above.
      secretKeyFile = config.sops.secrets.priv-cache-key.path;
    };

    # Reverse proxies: one virtual host per service, each forwarding "/" to
    # the loopback listener. No access restriction is configured in this
    # file; anything of that kind would have to come from the imported
    # nginx-https-server module.
    nginx.virtualHosts = {
      ${hydraDomain}.locations."/".proxyPass = "http://localhost:${toString hydraPort}";
      ${cacheDomain}.locations."/".proxyPass = "http://${cacheAddr}:${toString cachePort}";
    };
  };

  nix = {
    # URI prefixes that restricted evaluation may fetch from. These match
    # every repository on github.com, not only this project's own; narrow
    # the prefixes to specific owners if the jobsets allow it.
    settings.allowed-uris = [
      "github:"
      "git+https://github.com/"
      "git+ssh://github.com/"
    ];

    # The host is its own (and only) builder for both architectures.
    buildMachines = [
      {
        hostName = "localhost";
        protocol = null;
        maxJobs = 6;
        systems = [
          "x86_64-linux"
          "aarch64-linux"
        ];
        supportedFeatures = [
          "kvm"
          "nixos-test"
          "big-parallel"
          "benchmark"
        ];
      }
    ];

    # Garbage collection every hour with no randomized delay, using
    # --delete-older-than 1d. mkForce overrides values set by other modules.
    gc = {
      dates = lib.mkForce "hourly";
      randomizedDelaySec = lib.mkForce "0";
      options = lib.mkForce "--delete-older-than 1d";
    };
  };
}