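# Hydra CI host: runs Hydra behind nginx at hydra.kyouma.net and publishes the
# signed binary cache it produces at cache.kyouma.net.
#
# NOTE(review): as it stood, the whole module, including both multi-line
# `extraConfig` strings, was collapsed onto a single line. hydra.conf is parsed
# line by line, so `store_uri` would have swallowed the three directives after
# it. The layout below restores one directive per line; no value was changed.
{ config, ... }:
{
  imports = [ ./nix-config.nix ];

  # Private key used to sign store paths written to the binary cache.
  # Decrypted by sops-nix and owned by the queue runner.
  # NOTE(review): no `mode`/`group` is set here, so the sops-nix default
  # applies (owner-only read, as far as I know) - confirm nothing widens it.
  sops.secrets."services/hydra/signKey" = {
    owner = "hydra-queue-runner";
    sopsFile = ../../secrets/services/hydra.yaml;
  };

  services.hydra = {
    enable = true;
    hydraURL = "https://hydra.kyouma.net";
    # Bound to loopback only; the web UI is reachable solely through the
    # nginx virtual host defined further down.
    listenHost = "localhost";
    notificationSender = "hydra@hydra.kyouma.net";
    # Free-space threshold below which the queue runner stops (GiB per the
    # NixOS option documentation).
    minimumDiskFree = 2;
    # Dependencies may be fetched from the host's configured substituters
    # instead of being built locally, so the resulting cache is only as
    # trustworthy as those substituters and their trusted public keys
    # (presumably set in ./nix-config.nix - not visible here, confirm).
    useSubstitutes = true;

    # Comments live out here on purpose: anything inside the '' ... '' string
    # becomes part of hydra.conf.
    #
    # store_uri: only the *path* of the signing key is interpolated, so the
    #   generated hydra.conf never contains key material, even if the file
    #   ends up in the world-readable Nix store.
    # upload_logs_to_binary_cache: build logs are written under
    #   /var/cache/hydra, which nginx serves publicly as cache.kyouma.net.
    #   Anything a build prints (tokens, internal hostnames, paths) is
    #   therefore world-readable; keep secrets out of build output or turn
    #   this off if private jobsets are ever added.
    extraConfig = ''
      store_uri = file:///var/cache/hydra?secret-key=${config.sops.secrets."services/hydra/signKey".path}&write-nar-listing=1&ls-compression=xz&log-compression=xz&want-mass-query=1&priority=41
      upload_logs_to_binary_cache = true
      server_store_uri = https://cache.kyouma.net
      binary_cache_public_uri = https://cache.kyouma.net
    '';
  };

  # `kyouma.nginx.*` is a project-local module whose definition is not visible
  # here. NOTE(review): confirm it forces HTTPS and wires up ACME for both
  # virtual hosts, and what `defaultForbidden` does for unmatched requests.
  kyouma.nginx.defaultForbidden = "hydra.kyouma.net";
  kyouma.nginx.virtualHosts = {
    "hydra.kyouma.net" = {
      # The plain-HTTP hop stays on loopback; TLS is expected to terminate
      # in nginx.
      locations."/" = {
        proxyPass = "http://localhost:3000";
      };
    };

    "cache.kyouma.net" = {
      # Serves the entire binary-cache directory to anyone. The signing key
      # is referenced by its sops path, outside this root; never place key
      # material or other private files under /var/cache/hydra.
      root = "/var/cache/hydra";

      # Landing page that prints the cache's public signing key. It is served
      # by the same host as the cache itself, so it is a convenience for
      # copy-paste rather than an independent trust anchor; clients should pin
      # the key obtained through a channel they already trust.
      locations."= /" = {
        return = ''200 'Public key:\n\ncache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg=' '';
        # Empty `types` map plus an explicit default forces text/plain for
        # this location only.
        extraConfig = ''
          types { }
          default_type "text/plain; charset=utf-8";
        '';
      };
    };
  };

  # cache.kyouma.net is added as an extra name on the hydra.kyouma.net
  # certificate rather than getting a certificate of its own.
  security.acme.certs."hydra.kyouma.net".extraDomainNames = [ "cache.kyouma.net" ];
}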