{ hostRegistry, config, pkgs, ... }: let nix-build = "client@${config.c3d2.hosts.nix-build.ip4}"; in { nix = { extraOptions = '' allowed-uris = http:// https:// ssh:// ''; trustedUsers = [ "hydra" "root" ]; buildMachines = [ { hostName = "localhost"; system = "x86_64-linux"; supportedFeatures = [ "big-parallel" "benchmark" "kvm" "nixos-test" ]; maxJobs = 4; } { hostName = nix-build; system = "x86_64-linux"; supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ]; maxJobs = 4; } { hostName = nix-build; system = "aarch64-linux"; supportedFeatures = [ "nixos-test" "big-parallel" "benchmark" ]; maxJobs = 4; } ] ++ map (system: { hostName = "localhost"; inherit system; supportedFeatures = [ "nixos-test" "big-parallel" "benchmark" ]; maxJobs = 4; }) config.boot.binfmt.emulatedSystems; daemonCPUSchedPolicy = "idle"; daemonIOSchedClass = "idle"; daemonIOSchedPriority = 7; }; services.hydra = { enable = true; hydraURL = "https://hydra.hq.c3d2.de"; logo = ./c3d2.svg; notificationSender = "hydra@spam.works"; package = pkgs.hydra-unstable.overrideAttrs (oa: { # HACK for Hydra error: cannot write modified lock file of flake patchPhase = '' ${pkgs.lib.optionalString (oa ? patchPhase) oa.patchPhase} substituteInPlace src/script/hydra-eval-jobset \ --replace '"nix", "flake", "info"' '"nix", "flake", "info", "--no-write-lock-file"' ''; }); useSubstitutes = true; extraConfig = '' max_output_size = 4294967296 ''; }; services.nginx = let hydraVhost = { forceSSL = true; enableACME = true; locations."/".proxyPass = "http://localhost:${toString config.services.hydra.port}"; }; in { enable = true; recommendedProxySettings = true; recommendedGzipSettings = true; virtualHosts = { "hydra.hq.c3d2.de" = hydraVhost // { default = true; }; "hydra.serv.zentralwerk.org" = hydraVhost; }; }; }