{ lib, ... }:
let
  hydra_domain = "ci.sinerva.eu";
  cache_domain = "cache.sinerva.eu";
in
{
  imports = [
    ./utils/nginx-https-server.nix
    ./utils/acme-http-client.nix
  ];

  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];

  services = {
    hydra = {
      enable = true;
      hydraURL = "https://${hydra_domain}";
      listenHost = "localhost";
      notificationSender = "hydra@sinerva.eu";
      port = 8080;
      useSubstitutes = true;
      extraConfig = ''
        <dynamicruncommand>
          enable = 1
        </dynamicruncommand>
      '';
    };

    nix-serve = {
      enable = true;
      bindAddress = "[::1]";
      port = 8081;
      secretKeyFile = "/persist/secrets/priv_cache_key";
    };

    nginx.virtualHosts = {
      ${hydra_domain}.locations."/" = {
        proxyPass = "http://localhost:8080";
      };
      ${cache_domain}.locations."/" = {
        proxyPass = "http://localhost:8081";
      };
    };
  };

  nix = {
    settings.allowed-uris = [
      "github:"
      "git+https://github.com/"
      "git+ssh://github.com/"
    ];

    buildMachines = [
      {
        hostName = "localhost";
        protocol = null;
        systems = [
          "x86_64-linux"
          "aarch64-linux"
        ];
        supportedFeatures = [
          "kvm"
          "nixos-test"
          "big-parallel"
          "benchmark"
        ];
        maxJobs = 6;
      }
    ];

    gc = {
      options = lib.mkForce "--delete-older-than 1d";
      dates = lib.mkForce "hourly";
      randomizedDelaySec = lib.mkForce "0";
    };
  };
}