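# NixOS module: Hydra CI server plus a Harmonia binary cache, both bound to
# loopback and published through nginx as hydra.kyouma.net / cache.kyouma.net.
{ config, ... }:
{
  imports = [ ./nix-config.nix ];

  # Private key used to sign store paths served by the binary cache; consumed
  # below as services.harmonia.signKeyPath.
  # NOTE(review): nothing in this file makes Hydra itself read this key. Unless
  # ./nix-config.nix does, confirm that hydra-queue-runner really needs to own
  # it: whoever can read the key can produce signatures that every client
  # trusting the cache.kyouma.net public key will accept.
  sops.secrets."services/hydra/signKey" = {
    owner = "hydra-queue-runner";
    sopsFile = ../../../secrets/services/hydra.yaml;
  };

  # SSH private key materialised at /var/lib/hydra/.ssh/id_ed25519.
  # Mode 0440 makes it readable by the owner and by the "hydra" group.
  # NOTE(review): OpenSSH refuses an identity file that has group/other
  # permission bits set when the invoking user owns the file. Confirm which
  # account actually uses this key and that group read access is intended.
  sops.secrets."services/hydra/id_ed25519_hydra" = {
    path = "/var/lib/hydra/.ssh/id_ed25519";
    owner = "hydra-queue-runner";
    group = "hydra";
    mode = "0440";
    sopsFile = ../../../secrets/services/hydra.yaml;
  };

  # Project-specific option; its semantics are defined outside this file.
  kyouma.deployment.auto-upgrade.cache = "daemon";

  services.hydra = {
    enable = true;
    hydraURL = "https://hydra.kyouma.net";
    # Loopback only: the web interface is reached through the nginx vhost below.
    listenHost = "localhost";
    notificationSender = "hydra@hydra.kyouma.net";
    minimumDiskFree = 2;
    # Store paths may be fetched from the configured substituters instead of
    # being built here, so build results are only as trustworthy as the
    # substituters and trusted public keys configured for Nix on this host.
    useSubstitutes = true;
    # One directive per line: Hydra's configuration format is line-oriented,
    # so these settings must not be joined onto a single line.
    extraConfig = ''
      server_store_uri = https://cache.kyouma.net
      binary_cache_public_uri = https://cache.kyouma.net
      evaluator_workers = 8
      evaluator_max_memory_size = 4096
    '';
  };

  services.harmonia = {
    enable = true;
    signKeyPath = config.sops.secrets."services/hydra/signKey".path;
    # Loopback only; exposed to clients via the cache.kyouma.net vhost below.
    settings = {
      bind = "[::1]:5555";
    };
  };

  # Project-specific option; its semantics are defined outside this file.
  kyouma.nginx.defaultForbidden = "hydra.kyouma.net";

  kyouma.nginx.virtualHosts = {
    "hydra.kyouma.net".locations."/".proxyPass = "http://localhost:3000";
    "cache.kyouma.net" = {
      locations."/".proxyPass = "http://[::1]:5555";
      # Exact match on "/" returns the cache's public key as plain text so
      # clients can copy it into their trusted public keys.
      # NOTE(review): presumably the public counterpart of the
      # services/hydra/signKey secret; it is hard-coded here, so it has to be
      # updated by hand whenever the signing key is rotated.
      locations."= /" = {
        return = ''200 'Public key:\n\ncache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg=' '';
        # Empty the MIME type map so the response is always sent with the
        # default_type below.
        extraConfig = ''
          types { }
          default_type "text/plain; charset=utf-8";
        '';
      };
    };
  };

  # Adds cache.kyouma.net as an additional name on the hydra.kyouma.net
  # certificate.
  security.acme.certs."hydra.kyouma.net".extraDomainNames = [ "cache.kyouma.net" ];
}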