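# NixOS module for the Hydra CI host: Hydra itself, the harmonia binary cache
# that serves its store, and the nginx virtual hosts in front of both.
#
# This file was collapsed onto a single line. The line structure is restored
# here, including inside the indented strings, so that each Hydra directive in
# services.hydra.extraConfig sits on its own line.
{ config, inputs, lib, ... }:
let
  # Platform string used to select the matching flake package outputs.
  system = config.nixpkgs.hostPlatform.system;

  # All secrets below are decrypted from the same sops file.
  hydraSecrets = ../../../secrets/services/hydra.yaml;
in
{
  imports = [
    ./nix-config.nix
    inputs.lix-module.nixosModules.default
  ];

  # Binary-cache signing key. Whoever can read this file can sign store paths
  # that verify against the public key published on cache.kyouma.net below.
  # NOTE(review): the only consumer visible in this file is
  # services.harmonia.signKeyPath, yet the file is owned by hydra-queue-runner.
  # Confirm that user needs read access (e.g. via ./nix-config.nix); otherwise
  # narrow the owner.
  sops.secrets."services/hydra/signKey" = {
    owner = "hydra-queue-runner";
    sopsFile = hydraSecrets;
  };

  # SSH private key installed as the default identity of the hydra user,
  # readable by that user only.
  # NOTE(review): presumably used to fetch private inputs during evaluation.
  # Confirm, and keep the matching public key scoped to read-only access.
  sops.secrets."services/hydra/id_ed25519_hydra-eval" = {
    path = "/var/lib/hydra/.ssh/id_ed25519";
    owner = "hydra";
    mode = "0400";
    sopsFile = hydraSecrets;
  };

  # Second SSH private key, owned by the queue runner. It is not referenced in
  # this file.
  # NOTE(review): presumably the remote-builder identity configured elsewhere;
  # verify where its path is consumed.
  sops.secrets."services/hydra/id_ed25519_hydra" = {
    owner = "hydra-queue-runner";
    sopsFile = hydraSecrets;
  };

  # Project-defined option; its semantics are not visible from this file.
  kyouma.deployment.auto-upgrade.cache = "daemon";

  # Force Lix as the Nix implementation and enable the features this host uses.
  nix.package = lib.mkForce inputs.lix-module.packages.${system}.default;
  nix.settings.experimental-features = lib.mkForce [
    "nix-command"
    "flakes"
    "pipe-operator"
  ];

  services.hydra = {
    enable = true;
    package = inputs.hydra.packages.${system}.hydra;
    hydraURL = "https://hydra.kyouma.net";
    # Bind to loopback only; external access goes through the nginx vhost below.
    listenHost = "localhost";
    notificationSender = "hydra@hydra.kyouma.net";
    # Threshold in GiB below which the queue runner stops starting builds.
    minimumDiskFree = 2;
    # Substituted outputs are fetched instead of built, so their integrity rests
    # on the substituters and trusted public keys configured for the Nix daemon
    # (not visible in this file).
    useSubstitutes = true;
    # One directive per line. max_output_size is 4 GiB (2^32 bytes).
    extraConfig = ''
      server_store_uri = https://cache.kyouma.net
      binary_cache_public_uri = https://cache.kyouma.net
      evaluator_workers = 8
      evaluator_max_memory_size = 16384
      max_output_size = 4294967296
    '';
  };

  # harmonia serves the local store as a binary cache and signs responses with
  # the sops-managed key. It listens on IPv6 loopback only and is published
  # through nginx.
  services.harmonia = {
    enable = true;
    signKeyPath = config.sops.secrets."services/hydra/signKey".path;
    settings = {
      bind = "[::1]:5555";
    };
  };

  # Project-defined nginx options; semantics of defaultForbidden are not visible
  # from this file.
  kyouma.nginx.defaultForbidden = "hydra.kyouma.net";
  kyouma.nginx.virtualHosts = {
    # Port 3000 is not set in this file; it must match services.hydra.port.
    "hydra.kyouma.net".locations."/".proxyPass = "http://localhost:3000";
    "cache.kyouma.net" = {
      locations."/".proxyPass = "http://[::1]:5555";
      # Exact-match location: the bare root URL returns the cache's public key
      # as plain text instead of being proxied to harmonia.
      locations."= /" = {
        return = ''200 'Public key:\n\ncache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg=' '';
        # Empty the MIME type map so default_type applies to this response.
        extraConfig = ''
          types { }
          default_type "text/plain; charset=utf-8";
        '';
      };
    };
  };

  # Both host names share one certificate: cache.kyouma.net is added as an
  # extra name on the hydra.kyouma.net ACME certificate.
  security.acme.certs."hydra.kyouma.net".extraDomainNames = [ "cache.kyouma.net" ];
}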