2 files changed, 46 insertions, 0 deletions
diff --git a/flake.nix b/flake.nix
index e52e7e7..faf9ead 100644
--- a/flake.nix
+++ b/flake.nix
@@ -77,6 +77,7 @@
        audit = (import ./usecases/server/audit.nix inputs);
        fail2ban = (import ./usecases/server/fail2ban.nix inputs);
        gotifyServer = (import ./usecases/server/gotify-server.nix inputs);
+        hydraServer = (import ./usecases/server/hydra-server.nix inputs);
        monitoringTarget = (import ./usecases/server/monitoring-target.nix inputs);
        radicale = (import ./usecases/server/radicale.nix inputs);
        smartd = (import ./usecases/server/smartd.nix inputs);
@@ -171,12 +172,21 @@
            self.nixosModules.profiles.server
            self.nixosModules.usecases.server.ankisyncd
            self.nixosModules.usecases.server.gotifyServer
+            self.nixosModules.usecases.server.hydraServer
            self.nixosModules.usecases.server.radicale
            self.nixosModules.usecases.server.zfs
            {
              # Needed for ZFS
              networking.hostId = "4e98920d";
+              services.hydra = {
+                hydraURL = "localhost:3000";
+                notificationSender = "hydra@localhost";
+                secretKeyLocation = builtins.toFile
+                  "secret-key"
+                  "testServer:0d5jJjOxIoe6sTr2YKWkQxsM3ZcW+9GAk52yYNVxfYBUxS2nUfzfQk5Jo0OwHnT95bTLXCVNQETGV4m6KHsVCA==";
+              };
            }
          ];
        };
diff --git a/usecases/server/hydra-server.nix b/usecases/server/hydra-server.nix
new file mode 100644
index 0000000..6fbbdee
--- /dev/null
+++ b/usecases/server/hydra-server.nix
@@ -0,0 +1,36 @@
+inputs:
+{ config, lib, pkgs, ... }:
+{
+  options = with lib; {
+    services.hydra.secretKeyLocation = mkOption {
+      type = types.str;
+      description = ''
+        Absolute location to the secret key used to sign builds
+      '';
+    };
+  };
+  config = {
+    services.hydra = {
+      enable = true;
+      #hydraURL = "https://hydra.huh.gdn";
+      #notificationSender = "hydra@huh.gdn";
+      buildMachinesFiles = [ ];
+      # Don't build *everything* from source
+      useSubstitutes = true;
+      extraConfig = ''
+        binary_cache_secret_key_file = ${config.services.hydra.secretKeyLocation}
+        store_uri = auto?secret-key=${config.services.hydra.secretKeyLocation}
+      '';
+      package = pkgs.hydra-unstable;
+    };
+    nix.allowedUsers = [ "@hydra" ];
+    networking.firewall.interfaces.${config.topology.mainVpn.interfaceName}.allowedTCPPorts = [
+      config.services.hydra.port
+    ];
+  };
+}

diff --git a/flake.nix b/flake.nix index e52e7e7..faf9ead 100644 --- a/flake.nix +++ b/flake.nix
@@ -77,6 +77,7 @@
77	audit = (import ./usecases/server/audit.nix inputs);	77	audit = (import ./usecases/server/audit.nix inputs);
78	fail2ban = (import ./usecases/server/fail2ban.nix inputs);	78	fail2ban = (import ./usecases/server/fail2ban.nix inputs);
79	gotifyServer = (import ./usecases/server/gotify-server.nix inputs);	79	gotifyServer = (import ./usecases/server/gotify-server.nix inputs);
		80	hydraServer = (import ./usecases/server/hydra-server.nix inputs);
80	monitoringTarget = (import ./usecases/server/monitoring-target.nix inputs);	81	monitoringTarget = (import ./usecases/server/monitoring-target.nix inputs);
81	radicale = (import ./usecases/server/radicale.nix inputs);	82	radicale = (import ./usecases/server/radicale.nix inputs);
82	smartd = (import ./usecases/server/smartd.nix inputs);	83	smartd = (import ./usecases/server/smartd.nix inputs);
@@ -171,12 +172,21 @@
171	self.nixosModules.profiles.server	172	self.nixosModules.profiles.server
172	self.nixosModules.usecases.server.ankisyncd	173	self.nixosModules.usecases.server.ankisyncd
173	self.nixosModules.usecases.server.gotifyServer	174	self.nixosModules.usecases.server.gotifyServer
		175	self.nixosModules.usecases.server.hydraServer
174	self.nixosModules.usecases.server.radicale	176	self.nixosModules.usecases.server.radicale
175	self.nixosModules.usecases.server.zfs	177	self.nixosModules.usecases.server.zfs
176		178
177	{	179	{
178	# Needed for ZFS	180	# Needed for ZFS
179	networking.hostId = "4e98920d";	181	networking.hostId = "4e98920d";
		182
		183	services.hydra = {
		184	hydraURL = "localhost:3000";
		185	notificationSender = "hydra@localhost";
		186	secretKeyLocation = builtins.toFile
		187	"secret-key"
		188	"testServer:0d5jJjOxIoe6sTr2YKWkQxsM3ZcW+9GAk52yYNVxfYBUxS2nUfzfQk5Jo0OwHnT95bTLXCVNQETGV4m6KHsVCA==";
		189	};
180	}	190	}
181	];	191	];
182	};	192	};


diff --git a/usecases/server/hydra-server.nix b/usecases/server/hydra-server.nix new file mode 100644 index 0000000..6fbbdee --- /dev/null +++ b/usecases/server/hydra-server.nix
@@ -0,0 +1,36 @@
		1	inputs:
		2
		3	{ config, lib, pkgs, ... }:
		4
		5	{
		6	options = with lib; {
		7	services.hydra.secretKeyLocation = mkOption {
		8	type = types.str;
		9	description = ''
		10	Absolute location to the secret key used to sign builds
		11	'';
		12	};
		13	};
		14
		15	config = {
		16	services.hydra = {
		17	enable = true;
		18	#hydraURL = "https://hydra.huh.gdn";
		19	#notificationSender = "hydra@huh.gdn";
		20	buildMachinesFiles = [ ];
		21	# Don't build everything from source
		22	useSubstitutes = true;
		23	extraConfig = ''
		24	binary_cache_secret_key_file = ${config.services.hydra.secretKeyLocation}
		25	store_uri = auto?secret-key=${config.services.hydra.secretKeyLocation}
		26	'';
		27	package = pkgs.hydra-unstable;
		28	};
		29
		30	nix.allowedUsers = [ "@hydra" ];
		31
		32	networking.firewall.interfaces.${config.topology.mainVpn.interfaceName}.allowedTCPPorts = [
		33	config.services.hydra.port
		34	];
		35	};
		36	}