From fc6d1ee7a46bb3256f871197b9c54266c61c3c54 Mon Sep 17 00:00:00 2001
From: Infinidoge <infinidoge@inx.moe>
Date: Mon, 20 May 2024 01:04:07 -0400
Subject: [PATCH] Infini-DL360/hydra: init

---
 hosts/Infini-DL360/default.nix |  1 +
 hosts/Infini-DL360/hydra.nix   | 59 ++++++++++++++++++++++++++++++++++
 2 files changed, 60 insertions(+)
 create mode 100644 hosts/Infini-DL360/hydra.nix

diff --git a/hosts/Infini-DL360/default.nix b/hosts/Infini-DL360/default.nix
index c718959..5511a2d 100644
--- a/hosts/Infini-DL360/default.nix
+++ b/hosts/Infini-DL360/default.nix
@@ -9,6 +9,7 @@
     ./factorio.nix
     ./forgejo.nix
     ./freshrss.nix
+    ./hydra.nix
     ./jellyfin.nix
     ./postgresql.nix
     ./thelounge.nix
diff --git a/hosts/Infini-DL360/hydra.nix b/hosts/Infini-DL360/hydra.nix
new file mode 100644
index 0000000..7492c30
--- /dev/null
+++ b/hosts/Infini-DL360/hydra.nix
@@ -0,0 +1,59 @@
+{ config, pkgs, lib, ... }:
+let
+  domain = config.common.subdomain "hydra";
+in
+{
+  services.nginx.virtualHosts.${domain} = config.common.nginx.ssl // {
+    locations."/" = {
+      proxyPass = "http://localhost:${builtins.toString config.services.hydra.port}";
+    };
+  };
+
+  services.hydra = {
+    enable = true;
+    port = 3333;
+    baseDir = "/srv/hydra";
+    hydraURL = "https://${domain}";
+    notificationSender = config.common.email.withSubaddress "hydra";
+    smtpHost = config.common.email.smtp.address;
+    useSubstitutes = true;
+    environmentFile = config.secrets.hydra;
+    extraEnv = {
+      EMAIL_SENDER_TRANSPORT_sasl_username = config.common.email.outgoing;
+      EMAIL_SENDER_TRANSPORT_port = builtins.toString config.common.email.smtp.SSLTLS;
+      EMAIL_SENDER_TRANSPORT_ssl = "ssl";
+    };
+    extraConfig = ''
+      binary_cache_secret_key_file = ${config.secrets.binary-cache-private-key}
+      <git-input>
+        timeout = 3600
+      </git-input>
+    '';
+  };
+
+  nix.settings.allowed-uris = [
+    "github:"
+    "git+https://github.com/"
+    "git+ssh://git@github.com/"
+
+    "git+https://git.inx.moe/"
+    "git+ssh://git@inx.moe/"
+
+    "gitlab:"
+    "git+https://gitlab.com/"
+    "git+ssh://git@gitlab.com/"
+
+    "sourcehut:"
+    "git+https://git.sr.ht/"
+    "git+ssh://git@git.sr.ht/"
+  ];
+
+  nix.buildMachines = [
+    {
+      hostName = "localhost";
+      system = "x86_64-linux";
+      supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
+      maxJobs = 16;
+    }
+  ];
+}