nixfiles/config/services/hydra/default.nix

43 lines
1.4 KiB
Nix
Raw Normal View History

2024-05-09 20:21:49 +02:00
{ config, ... }: {
2024-05-11 16:02:39 +02:00
imports = [
./nix-config.nix
];
2024-05-10 20:09:39 +02:00
sops.secrets."services/hydra/signKey" = {
owner = "hydra-queue-runner";
sopsFile = ../../secrets/services/hydra.yaml;
};
2024-05-09 20:21:49 +02:00
services.hydra = {
enable = true;
hydraURL = "https://hydra.kyouma.net";
listenHost = "localhost";
notificationSender = "hydra@hydra.kyouma.net";
minimumDiskFree = 2;
useSubstitutes = true;
2024-05-10 20:09:39 +02:00
extraConfig = ''
store_uri = file:///var/cache/hydra?secret-key=${config.sops.secrets."services/hydra/signKey".path}&write-nar-listing=1&ls-compression=xz&log-compression=xz&want-mass-query=1&priority=41
upload_logs_to_binary_cache = true
server_store_uri = https://cache.kyouma.net
binary_cache_public_uri = https://cache.kyouma.net
'';
2024-05-09 20:21:49 +02:00
};
2024-05-11 16:02:39 +02:00
kyouma.nginx.defaultForbidden = "hydra.kyouma.net";
2024-05-10 20:09:39 +02:00
kyouma.nginx.virtualHosts = {
"hydra.kyouma.net" = {
locations."/" = {
proxyPass = "http://localhost:3000";
};
};
"cache.kyouma.net" = {
root = "/var/cache/hydra";
locations."= /" = {
return = ''200 'Public key:\n\ncache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg='
'';
extraConfig = ''
types { } default_type "text/plain; charset=utf-8";
'';
};
2024-05-09 20:21:49 +02:00
};
};
2024-05-11 16:02:39 +02:00
security.acme.certs."hydra.kyouma.net".extraDomainNames = [ "cache.kyouma.net" ];
2024-05-09 20:21:49 +02:00
}