diff --git a/hosts/hydra/adc.nix b/hosts/hydra/adc.nix
new file mode 100644
index 00000000..56577c74
--- /dev/null
+++ b/hosts/hydra/adc.nix
@@ -0,0 +1,36 @@
+{ config, pkgs, lib, ... }:
+
+let ncdcPort = 1512;
+in {
+ services.uhub = {
+ enable = true;
+ enableTLS = false;
+ port = 19061;
+ hubConfig = ''
+ hub_name=c3d2
+ hub_description=<<>>
+ show_banner_sys_info=0
+ '';
+ plugins.history.enable = true;
+ plugins.welcome = {
+ enable = true;
+ motd = ''
+ ______ ______
+ / / / / / /\ \ \
+ / / / / / / \ \ \
+ \ \ \ \ / / / / /
+ \_\_\_\/_/ /_/_/
+ '';
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ ncdcPort config.services.uhub.port ];
+ networking.firewall.allowedUDPPorts = [ ncdcPort ];
+
+ users.users.ncdc = {
+ isNormalUser = true;
+ uid = 1511;
+ openssh.authorizedKeys.keys =
+ config.users.users.root.openssh.authorizedKeys.keys;
+ };
+}
diff --git a/hosts/hydra/c3d2.svg b/hosts/hydra/c3d2.svg
new file mode 100644
index 00000000..9d201eb6
--- /dev/null
+++ b/hosts/hydra/c3d2.svg
@@ -0,0 +1,140 @@
+
+
+
+
diff --git a/hosts/hydra/cache.nix b/hosts/hydra/cache.nix
new file mode 100644
index 00000000..e5a3b84b
--- /dev/null
+++ b/hosts/hydra/cache.nix
@@ -0,0 +1,21 @@
+{ config, pkgs, ... }:
+
+{
+ services.nix-serve = {
+ enable = true;
+ secretKeyFile = "/var/cache-priv-key.pem";
+ };
+
+ networking.firewall.allowedTCPPorts = [ config.services.nix-serve.port ];
+
+ services.nginx.virtualHosts."nix-serve.hq.c3d2.de" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/".extraConfig = ''
+ proxy_pass http://localhost:${toString config.services.nix-serve.port};
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ '';
+ };
+}
diff --git a/hosts/hydra/configuration.nix b/hosts/hydra/configuration.nix
new file mode 100644
index 00000000..1898ed0e
--- /dev/null
+++ b/hosts/hydra/configuration.nix
@@ -0,0 +1,56 @@
+{ config, pkgs, lib, ... }:
+
+{
+ imports = [
+
+ ./adc.nix
+ ./hydra.nix
+ ./cache.nix
+ ./../../lib/common/c3d2.nix
+ ];
+
+ security.pam.enableSSHAgentAuth = true;
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgL2kRs+cXAcUzOO2Tp+mtMBVuHqMuslQy3LN+HLSP4 emery@nixos"
+ ];
+ services.openssh.enable = true;
+
+ nix.useSandbox = false;
+ nix.maxJobs = lib.mkDefault 4;
+
+ boot.isContainer = true;
+ boot.loader.initScript.enable = true;
+ boot.loader.grub.enable = false;
+
+ fileSystems."/" = {
+ fsType = "rootfs";
+ device = "rootfs";
+ };
+
+ networking.hostName = "192";
+ networking.useNetworkd = true;
+
+ # Set your time zone.
+ time.timeZone = "Europe/Berlin";
+ i18n = {
+ defaultLocale = "en_US.UTF-8";
+ supportedLocales = lib.mkForce [ "en_US.UTF-8/UTF-8" ];
+ };
+
+ environment.systemPackages = with pkgs; [ tmux htop vim ];
+
+ # Create a few files early before packing tarball for Proxmox
+ # architecture/OS detection.
+ system.extraSystemBuilderCmds = ''
+ mkdir -m 0755 -p $out/bin
+ ln -s ${pkgs.bash}/bin/bash $out/bin/sh
+ mkdir -m 0755 -p $out/sbin
+ ln -s ../init $out/sbin/init
+ '';
+
+ # This value determines the NixOS release with which your system is to be
+ # compatible, in order to avoid breaking some software such as database
+ # servers. You should change this only after NixOS release notes say you
+ # should.
+ system.stateVersion = "19.03"; # Did you read the comment?
+}
diff --git a/hosts/hydra/hydra.nix b/hosts/hydra/hydra.nix
new file mode 100644
index 00000000..7e228649
--- /dev/null
+++ b/hosts/hydra/hydra.nix
@@ -0,0 +1,38 @@
+{ config, pkgs, ... }:
+
+{
+ nix = {
+ binaryCaches = [ "https://cache.nixos.org" "https://cache.dhall-lang.org" ];
+ binaryCachePublicKeys =
+ [ "cache.dhall-lang.org:I9/H18WHd60olG5GsIjolp7CtepSgJmM2CsO813VTmM=" ];
+ buildMachines = [{
+ hostName = "localhost";
+ system = "x86_64-linux";
+ maxJobs = 2;
+ }];
+ };
+
+ services.hydra = {
+ enable = true;
+ hydraURL = "https://hydra.hq.c3d2.de";
+ logo = ./c3d2.svg;
+ notificationSender = "hydra@spam.works";
+ useSubstitutes = false;
+ };
+
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ recommendedGzipSettings = true;
+ virtualHosts = {
+ "hydra.hq.c3d2.de" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/".proxyPass =
+ "http://localhost:${toString config.services.hydra.port}";
+ };
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+}