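# NixOS module for a Hydra continuous-integration host that builds locally
# and signs its outputs with a binary-cache key generated on first boot.
{ config, lib, pkgs, ... }:
let
  # Single source of truth for the Hydra port, shared with other modules.
  hydraPort = (import ../data/aliases.nix).services.hydra.port;
in
{
  # Opens the Hydra port on the host firewall.
  # NOTE(review): hydraURL below is https, which suggests TLS is terminated
  # by a reverse proxy. If that proxy runs on this host, the port does not
  # need to be reachable from outside -- confirm before keeping it open.
  networking.firewall.allowedTCPPorts = [ hydraPort ];

  virtualisation.virtualbox.host.enable = true;

  services.hydra = {
    enable = true;
    hydraURL = "https://hydra.orbekk.com";
    notificationSender = "kj+hydra@orbekk.com";
    # No remote build machine files; builds use nix.buildMachines below.
    buildMachinesFiles = [];
    useSubstitutes = true;
    port = hydraPort;
    # The secret-key path must match the file that hydra-manual-setup
    # creates below; Hydra uses it to sign the paths it builds.
    extraConfig = ''
      store-uri = file:///nix/store?secret-key=/opt/secret/hydra_key/hydra.orbekk.com-1/secret
    '';
  };

  # From https://github.com/input-output-hk/iohk-nixops
  #
  # One-shot unit that generates the binary-cache signing key pair once.
  # The marker file /opt/secret/hydra_key/initialized is written last, so an
  # interrupted run is retried on the next start.
  systemd.services.hydra-manual-setup = {
    description = "Create Keys for Hydra";
    serviceConfig.Type = "oneshot";
    serviceConfig.RemainAfterExit = true;
    wantedBy = [ "multi-user.target" ];
    requires = [ "hydra-init.service" ];
    after = [ "hydra-init.service" ];
    # Reuse hydra-init's environment for this unit.
    environment = lib.mkForce config.systemd.services.hydra-init.environment;
    script = ''
      if [ ! -e /opt/secret/hydra_key/initialized ]; then
        # create signing keys
        /run/current-system/sw/bin/install -d -m 551 /opt/secret/hydra_key/hydra.orbekk.com-1
        # Generate under a restrictive umask so the secret key is never
        # readable by other users in the window before the chmod below,
        # whatever mode nix-store itself picks for the file. The subshell
        # keeps the umask from affecting the marker file written at the end.
        (
          umask 077
          /run/current-system/sw/bin/nix-store --generate-binary-cache-key hydra.orbekk.com-1 /opt/secret/hydra_key/hydra.orbekk.com-1/secret /opt/secret/hydra_key/hydra.orbekk.com-1/public
        )
        # Hand the key tree to hydra:hydra; secret is owner/group read-only,
        # public is world-readable.
        /run/current-system/sw/bin/chown -R hydra:hydra /opt/secret/hydra_key
        /run/current-system/sw/bin/chmod 440 /opt/secret/hydra_key/hydra.orbekk.com-1/secret
        /run/current-system/sw/bin/chmod 444 /opt/secret/hydra_key/hydra.orbekk.com-1/public
        # done
        touch /opt/secret/hydra_key/initialized
      fi
    '';
  };

  nix = {
    distributedBuilds = true;
    nrBuildUsers = 30;
    # Enable this if I run low on disk.
    gc.automatic = lib.mkForce false;
    # The only build machine is this host itself.
    buildMachines = [
      {
        hostName = "localhost";
        systems = [ "x86_64-linux" "i686-linux" ];
        # Integer rather than the string "16": the typed buildMachines
        # option in current NixOS expects an int here.
        maxJobs = 16;
        supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
      }
    ];
    extraOptions = "auto-optimise-store = true";
  };

  nixpkgs.config = {
    allowUnfree = true;
  };
}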