From b15e415ed43a9a3c98678e01da1a0c0e614b4bb9 Mon Sep 17 00:00:00 2001
From: Minijackson
Date: Sun, 30 May 2021 16:55:30 +0200
Subject: hydraServer: init
---
 flake.nix | 10 ++++++++++
 usecases/server/hydra-server.nix | 36 ++++++++++++++++++++++++++++++++++++
 2 files changed, 46 insertions(+)
 create mode 100644 usecases/server/hydra-server.nix
diff --git a/flake.nix b/flake.nix
index e52e7e7..faf9ead 100644
--- a/flake.nix
+++ b/flake.nix
@@ -77,6 +77,7 @@
 audit = (import ./usecases/server/audit.nix inputs);
 fail2ban = (import ./usecases/server/fail2ban.nix inputs);
 gotifyServer = (import ./usecases/server/gotify-server.nix inputs);
+ hydraServer = (import ./usecases/server/hydra-server.nix inputs);
 monitoringTarget = (import ./usecases/server/monitoring-target.nix inputs);
 radicale = (import ./usecases/server/radicale.nix inputs);
 smartd = (import ./usecases/server/smartd.nix inputs);
@@ -171,12 +172,21 @@
 self.nixosModules.profiles.server
 self.nixosModules.usecases.server.ankisyncd
 self.nixosModules.usecases.server.gotifyServer
+ self.nixosModules.usecases.server.hydraServer
 self.nixosModules.usecases.server.radicale
 self.nixosModules.usecases.server.zfs
 {
 # Needed for ZFS
 networking.hostId = "4e98920d";
+
+ services.hydra = {
+ hydraURL = "localhost:3000";
+ notificationSender = "hydra@localhost";
+ secretKeyLocation = builtins.toFile
+ "secret-key"
+ "testServer:0d5jJjOxIoe6sTr2YKWkQxsM3ZcW+9GAk52yYNVxfYBUxS2nUfzfQk5Jo0OwHnT95bTLXCVNQETGV4m6KHsVCA==";
+ };
 }
 ];
 };
diff --git a/usecases/server/hydra-server.nix b/usecases/server/hydra-server.nix
new file mode 100644
index 0000000..6fbbdee
--- /dev/null
+++ b/usecases/server/hydra-server.nix
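Review bot: The `secretKeyLocation` value added in the second flake.nix hunk is built with `builtins.toFile`, which places the binary-cache signing key in the Nix store where every local user can read it, and the key literal is now also part of the repository history. The `testServer` prefix suggests a throwaway test configuration, but nothing in the hunk says so; I would add a comment above the attribute such as `# Test-only signing key: world-readable in the store, never add its public half to trusted-public-keys`. For any real host, `secretKeyLocation` should point to a path outside the store that is provisioned at runtime with permissions restricted to the Hydra users. The enclosing module list starts and ends outside the hunk.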
@@ -0,0 +1,36 @@
+inputs:
+
+{ config, lib, pkgs, ... }:
+
+{
+ options = with lib; {
+ services.hydra.secretKeyLocation = mkOption {
+ type = types.str;
+ description = ''
+ Absolute location to the secret key used to sign builds
+ '';
+ };
+ };
+
+ config = {
+ services.hydra = {
+ enable = true;
+ #hydraURL = "https://hydra.huh.gdn";
+ #notificationSender = "hydra@huh.gdn";
+ buildMachinesFiles = [ ];
+ # Don't build *everything* from source
+ useSubstitutes = true;
+ extraConfig = ''
+ binary_cache_secret_key_file = ${config.services.hydra.secretKeyLocation}
+ store_uri = auto?secret-key=${config.services.hydra.secretKeyLocation}
+ '';
+ package = pkgs.hydra-unstable;
+ };
+
+ nix.allowedUsers = [ "@hydra" ];
+
+ networking.firewall.interfaces.${config.topology.mainVpn.interfaceName}.allowedTCPPorts = [
+ config.services.hydra.port
+ ];
+ };
+}
-- cgit v1.2.3
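Review bot: The `services.hydra.secretKeyLocation` option accepts any string and its description only says "Absolute location", so nothing warns a user that a store path (such as one produced by `builtins.toFile`) leaves the signing key world-readable. I would extend the description to something like `Absolute path, outside the Nix store, of the secret key used to sign builds; the file must be readable only by the Hydra users.` Separately, `nix.allowedUsers = [ "@hydra" ];` replaces the permissive default unless another module also defines the option, which presumably denies other non-trusted accounts access to the Nix daemon; a short comment such as `# Restricts daemon access to the hydra group (intended)` would make clear whether that side effect is deliberate.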