# NixOS module for the Hydra host: the Hydra service, the Harmonia binary
# cache published as cache.kyouma.net, and the nginx/ACME front end for both.
{ config, inputs, lib, ... }:
let
  # Every secret declared below is decrypted from this one sops file.
  hydraSecretsFile = ../../../secrets/services/hydra.yaml;

  hostSystem = config.nixpkgs.hostPlatform.system;

  # Private signing key for the binary cache; its public half is the value
  # served by the "= /" location further down.
  cacheSignKey = config.sops.secrets."services/hydra/signKey";
in
{
  imports = [
    ./nix-config.nix
    inputs.hydra.nixosModules.hydra
  ];

  sops.secrets = {
    # No explicit mode here, so the sops-nix default applies
    # (presumably 0400 -- confirm).
    "services/hydra/signKey" = {
      owner = "hydra-queue-runner";
      sopsFile = hydraSecretsFile;
    };

    # Installed at the default SSH identity path of the `hydra` user and
    # readable by that user only.
    "services/hydra/id_ed25519_hydra-eval" = {
      path = "/var/lib/hydra/.ssh/id_ed25519";
      owner = "hydra";
      mode = "0400";
      sopsFile = hydraSecretsFile;
    };

    # Presumably the SSH key the queue runner uses to reach remote builders;
    # verify against the build-machine configuration.
    "services/hydra/id_ed25519_hydra" = {
      owner = "hydra-queue-runner";
      sopsFile = hydraSecretsFile;
    };
  };

  kyouma = {
    # Project-local option; its semantics are defined elsewhere in the repo.
    deployment.auto-upgrade.cache = "daemon";

    nginx = {
      # Project-local option; see its definition for what "forbidden" covers.
      defaultForbidden = "hydra.kyouma.net";

      virtualHosts = {
        # Port 3000 is not set in this file; presumably the Hydra module
        # default -- confirm.
        "hydra.kyouma.net".locations."/".proxyPass = "http://localhost:3000";

        "cache.kyouma.net".locations = {
          # Matches Harmonia's loopback bind address below.
          "/".proxyPass = "http://[::1]:5555";

          # Exact match on the site root: answer with the cache's public
          # signing key as plain text instead of proxying to Harmonia.
          "= /" = {
            return = ''200 'Public key:\n\ncache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg=' '';
            # An empty `types` map makes default_type apply to this response.
            extraConfig = ''
              types { }
              default_type "text/plain; charset=utf-8";
            '';
          };
        };
      };
    };
  };

  services = {
    hydra-dev = {
      enable = true;
      package = inputs.hydra.packages.${hostSystem}.hydra;
      hydraURL = "https://hydra.kyouma.net";
      # Loopback only; external access goes through the nginx vhost above.
      listenHost = "localhost";
      notificationSender = "hydra@hydra.kyouma.net";
      minimumDiskFree = 2;
      # NOTE(review): with substitution enabled, paths can come from whatever
      # substituters the Nix daemon trusts; that list is not set in this file.
      useSubstitutes = true;
      extraConfig = ''
        server_store_uri = https://cache.kyouma.net
        binary_cache_public_uri = https://cache.kyouma.net
        evaluator_workers = 1
        evaluator_max_memory_size = 4096
        max_output_size = ${builtins.toString (24 * 1024 * 1024 * 1024)}
      '';
    };

    harmonia = {
      enable = true;
      # NOTE(review): the key file is owned by hydra-queue-runner (see
      # sops.secrets above); confirm the harmonia unit can still read it,
      # e.g. because the module loads it as a systemd credential.
      signKeyPaths = lib.singleton cacheSignKey.path;
      # Loopback only; published through the cache.kyouma.net vhost.
      settings.bind = "[::1]:5555";
    };
  };

  # cgroup memory ceiling for the evaluator unit, on top of the
  # evaluator_max_memory_size setting passed to Hydra above.
  systemd.services.hydra-evaluator.serviceConfig = {
    MemoryHigh = "150G";
    MemoryMax = "155G";
  };

  # One certificate covers both names: cache.kyouma.net is added to the
  # hydra.kyouma.net certificate.
  security.acme.certs."hydra.kyouma.net".extraDomainNames = [ "cache.kyouma.net" ];
}