NixMachines/machines/hippocampus/servers/public/hydra.nix

{config, pkgs, ...}: let
  deploy-container = pkgs.writeScriptBin "deploy-nixos-container" ''
    pushd $2
    nixos-container update $1 --flake $2#$3
    git reset --hard HEAD
    git clean -fdx
    git reflog expire --expire=now --all
    git repack -ad  # Remove dangling objects from packfiles
    git prune       # Remove dangling loose objects
    popd
  '';
in {
  imports = [
    # ./nix-serve.nix
  ];
  services.hydra = {
    enable = true;
    hydraURL = "https://hydra.syzygial.cc";
    port = 3500;
    notificationSender = "hydra@localhost";
    buildMachinesFiles = [];
    useSubstitutes = true;
    extraConfig = ''
      <dynamicruncommand>
        enable = 1
      </dynamicruncommand>
    '';
  };
  nix.extraOptions = ''
    allowed-uris = https://github.com/ https://git.savannah.gnu.org/ https://git.syzygial.cc https://gitlab.com https://sr.ht github: gitlab:
  '';
  systemd.services.hydra = {
    serviceConfig = {
      RestartSec = "20s";
    };
  };
  users.users."hydra" = {
    openssh.authorizedKeys.keys = [
      
    ];
    packages = [
      
    ];
  };
  # Deployment User
  users.users.hydra-deploy = {
    isNormalUser = true;
    home = "/var/lib/hydra/deploy";
    description = "Hydra Deployment User";
    extraGroups = [ "hydra" ];
    packages = [
      deploy-container
    ];
  };
  # TODO: Configure authorizedKeys between
  # hydra-queue-runner and hydra-deploy
  security.sudo.extraRules = [
    {
      users = ["hydra-deploy"];
      commands = [
        {
          command = "${deploy-container}/bin/deploy-nixos-container *";
          options = ["NOPASSWD"];
        }
      ];
    }
  ];
  networking.nat = {
    enable = true;
    internalInterfaces = [
      "ve-newalan"
      "ve-handyhelper"
    ];
    externalInterface = "enp0s25";
    enableIPv6 = true;
  };

  nix.buildMachines = [
    { hostName = "localhost";
      system = "x86_64-linux";
      supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"];
      maxJobs = 8;
    }
  ];
  services.caddy.virtualHosts = {
    "hydra.syzygial.cc" = {
      extraConfig = ''
        reverse_proxy localhost:${toString config.services.hydra.port}
      '';
    };
  };
}