{ config, ... }: {
  services.hydra = {
    enable = true;
    hydraURL = "https://hydra.kyouma.net";
    listenHost = "localhost";
    notificationSender = "hydra@hydra.kyouma.net";
    minimumDiskFree = 2;
    useSubstitutes = true;
  };
  nix.buildMachines = [
    {
      hostName = "localhost";
      maxJobs = 40;
      speedFactor = 40;
      systems = [ "x86_64-linux" "x86_64-darwin" ];
      supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
    }
    {
      hostName = "integra.kyouma.net";
      sshUser = "build";
      maxJobs = 4;
      speedFactor = 8;
      systems = [ "aarch64-linux" "aarch64-darwin" ];
      supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
      sshKey = "/var/lib/hydra/id_ed25519";
    }
  ];
  nix.settings.allowed-uris = [
    "github:"
    "git+https://"
    "git+ssh://"
  ];
  programs.ssh = {
    knownHosts."integra.kyouma.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBwEQiSfaDrUAwgul4mktusBPcIVxI4pLNDh9DPopVU";
  };
  kyouma.nginx.virtualHosts."hydra.kyouma.net" = {
    locations."/" = {
      proxyPass = "http://localhost:3000";
    };
  };
  security.acme.certs."hydra.kyouma.net" = {};
}