# NixOS module: Hydra CI behind nginx, plus a signed binary cache that is
# written to a local directory and published as static files.
{ config, ... }:
let
  # Only the *path* of the decrypted signing key is interpolated below, so
  # the key material itself does not end up in the generated Hydra config.
  signKeyPath = config.sops.secrets."services/hydra/signKey".path;

  # Single directory used twice: Hydra writes the cache here (store_uri) and
  # nginx serves it as the document root of cache.kyouma.net.
  cacheDir = "/var/cache/hydra";

  # Settings shared by every entry in nix.buildMachines.
  # NOTE(review): the SSH private key is referenced by a fixed on-disk path
  # and, unlike the signing key, is not provisioned through sops in this
  # file; confirm its ownership and mode on the host.
  builderDefaults = {
    sshUser = "build";
    sshKey = "/var/lib/hydra/id_ed25519";
    supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
  };
in
{
  # Cache signing key, decrypted from the sops file and owned by the
  # hydra-queue-runner user (presumably the process that signs; verify).
  sops.secrets = {
    "services/hydra/signKey" = {
      owner = "hydra-queue-runner";
      sopsFile = ../../secrets/services/hydra.yaml;
    };
  };

  services.hydra = {
    enable = true;
    hydraURL = "https://hydra.kyouma.net";
    # Bound to localhost only; external access goes through the nginx
    # virtual host defined further down.
    listenHost = "localhost";
    notificationSender = "hydra@hydra.kyouma.net";
    minimumDiskFree = 2;
    # Lets Hydra fetch store paths from binary caches instead of building
    # them, so the substituters trusted on this host affect build inputs.
    useSubstitutes = true;
    # NOTE(review): upload_logs_to_binary_cache writes build logs into the
    # same directory nginx publishes; anything a job prints becomes public.
    extraConfig = ''
      store_uri = file://${cacheDir}?secret-key=${signKeyPath}&write-nar-listing=1&ls-compression=xz&log-compression=xz&want-mass-query=1&priority=41
      upload_logs_to_binary_cache = true
      server_store_uri = https://cache.kyouma.net
      binary_cache_public_uri = https://cache.kyouma.net
    '';
  };

  nix = {
    buildMachines = [
      # Local builder.
      # NOTE(review): x86_64-darwin is advertised by this NixOS host;
      # confirm that is intended.
      (builderDefaults // {
        hostName = "localhost";
        maxJobs = 40;
        speedFactor = 40;
        systems = [ "x86_64-linux" "x86_64-darwin" ];
      })
      # Remote builder reached over SSH; its host key is pinned in
      # programs.ssh.knownHosts below.
      (builderDefaults // {
        hostName = "integra.kyouma.net";
        maxJobs = 4;
        speedFactor = 8;
        systems = [ "aarch64-linux" "aarch64-darwin" ];
      })
    ];

    # URI prefixes that restricted evaluation may fetch from.
    # NOTE(review): "git+https://" and "git+ssh://" are scheme-wide and match
    # any host; narrow them to specific hosts if the set of inputs is known.
    settings.allowed-uris = [ "github:" "git+https://" "git+ssh://" ];
  };

  # Pinned host key, so connections to the remote builder are checked
  # against this key rather than accepted on first use.
  programs.ssh.knownHosts."integra.kyouma.net".publicKey =
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBwEQiSfaDrUAwgul4mktusBPcIVxI4pLNDh9DPopVU";

  kyouma.nginx.virtualHosts = {
    # Reverse proxy to the Hydra web UI. The port is not set under
    # services.hydra above, so it has to match that module's default.
    "hydra.kyouma.net".locations."/".proxyPass = "http://localhost:3000";

    # Static binary cache. Every file under cacheDir is served, so nothing
    # other than cache artefacts should ever be placed there.
    "cache.kyouma.net" = {
      root = cacheDir;
      # Exact match on "/" answers with the cache's public signing key as
      # plain text. Clients that read the key from this same origin get
      # trust-on-first-use at best; distribute it out of band where possible.
      locations."= /" = {
        return = ''200 'Public key:\n\ncache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg=' '';
        extraConfig = ''
          types { }
          default_type "text/plain; charset=utf-8";
        '';
      };
    };
  };

  # ACME certificates for both virtual hosts, left at module defaults.
  security.acme.certs = {
    "cache.kyouma.net" = {};
    "hydra.kyouma.net" = {};
  };
}