{ config, lib, ... }: # hydra user needs to be manually crated # sudo -u hydra -s # hydra-create-user $USERNAME --password $PASSWORD --role admin # https://qfpl.io/posts/nix/starting-simple-hydra/ # also for reference a well written hydra config: # https://github.com/NixOS/nixos-org-configurations/blob/master/delft/hydra.nix with lib; let cacheDir = "/var/cache/hydra"; in mkIf (elem "hydra" config.machine.services) { # also take a look at ../conf/nix.nix nix.buildMachines = [ { hostName = "localhost"; system = "x86_64-linux"; supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ]; maxJobs = 8; } ]; services = let cfg = config.machine; inherit ((findFirst (s: s.service == "hydra") cfg cfg.vHosts)) domain; in { hydra = { enable = true; hydraURL = domain; # externally visible URL listenHost = "localhost"; port = 3001; minimumDiskFree = 15; minimumDiskFreeEvaluator = 15; notificationSender = "hydra@mail.${cfg.domain}"; # e-mail of hydra service useSubstitutes = true; debugServer = false; # Hints from hydra-queue-runner: # binary_cache_dir is deprecated and ignored. use store_uri=file:// instead # hydra.conf: binary_cache_secret_key_file is deprecated and ignored. use store_uri=...?secret-key= instead extraConfig = '' max_output_size = 4294967296 store_uri = file://${cacheDir}?secret-key=${ config.sops.secrets."services.hydra.secretKey".path }&write-nar-listing=1&ls-compression=br&log-compression=br # add ?local-nar-cache= to set nar cache location server_store_uri = https://cache.${cfg.domain} binary_cache_public_uri https://cache.${cfg.domain} upload_logs_to_binary_cache = true ''; }; nix-serve = { enable = true; bindAddress = "0.0.0.0"; port = 5000; secretKeyFile = config.sops.secrets."services.hydra.secretKey".path; extraParams = '' # Dont know how to change the store root yet... # --user hydra-queue-runner # --group hydra ''; }; }; systemd.services.nix-serve.serviceConfig.User = mkForce "hydra"; systemd.services.nix-serve.environment.NIX_STORE_DIR = cacheDir; sops.secrets."services/hydra/secretKey" = { owner = "hydra"; group = "hydra"; }; }