From b15e415ed43a9a3c98678e01da1a0c0e614b4bb9 Mon Sep 17 00:00:00 2001
From: Minijackson <minijackson@riseup.net>
Date: Sun, 30 May 2021 16:55:30 +0200
Subject: hydraServer: init

---
 usecases/server/hydra-server.nix | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 usecases/server/hydra-server.nix

(limited to 'usecases/server')

diff --git a/usecases/server/hydra-server.nix b/usecases/server/hydra-server.nix
new file mode 100644
index 0000000..6fbbdee
--- /dev/null
+++ b/usecases/server/hydra-server.nix
@@ -0,0 +1,36 @@
+inputs:
+
+{ config, lib, pkgs, ... }:
+
+{
+  options = with lib; {
+    services.hydra.secretKeyLocation = mkOption {
+      type = types.str;
+      description = ''
+        Absolute location to the secret key used to sign builds
+      '';
+    };
+  };
+
+  config = {
+    services.hydra = {
+      enable = true;
+      #hydraURL = "https://hydra.huh.gdn";
+      #notificationSender = "hydra@huh.gdn";
+      buildMachinesFiles = [ ];
+      # Don't build *everything* from source
+      useSubstitutes = true;
+      extraConfig = ''
+        binary_cache_secret_key_file = ${config.services.hydra.secretKeyLocation}
+        store_uri = auto?secret-key=${config.services.hydra.secretKeyLocation}
+      '';
+      package = pkgs.hydra-unstable;
+    };
+
+    nix.allowedUsers = [ "@hydra" ];
+
+    networking.firewall.interfaces.${config.topology.mainVpn.interfaceName}.allowedTCPPorts = [
+      config.services.hydra.port
+    ];
+  };
+}
-- 
cgit v1.2.3