{ config, pkgs, ... }:

{
  nix = {
    binaryCaches = [
      "https://cache.server7.hq.c3d2.de"
      "https://cache.nixos.org"
      "https://cache.dhall-lang.org"
    ];
    binaryCachePublicKeys = [
      "cache.server7.hq.c3d2.de:x8JLRG26zRZ8ysYZLEkPxuAYuK1VSJi/aMAEIs2Lv+U="
      "cache.dhall-lang.org:I9/H18WHd60olG5GsIjolp7CtepSgJmM2CsO813VTmM="
    ];
    extraOptions = ''
      allowed-uris = http:// https://
    '';
    buildMachines = [{
      hostName = "server7.hq";
      sshUser = "hydra";
      sshKey = "/var/lib/hydra/queue-runner/id_rsa";
      system = "x86_64-linux";
      speedFactor = 2;
      supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
      maxJobs = 8;
    }];
  };

  services.hydra = {
    enable = true;
    hydraURL = "https://hydra.hq.c3d2.de";
    logo = ./c3d2.svg;
    notificationSender = "hydra@spam.works";
    package = pkgs.hydra-unstable;
    useSubstitutes = false;
  };

  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    recommendedGzipSettings = true;
    virtualHosts."hydra.hq.c3d2.de" = {
      forceSSL = true;
      enableACME = true;
      locations."/".proxyPass =
        "http://localhost:${toString config.services.hydra.port}";
    };
  };
}