{ config, pkgs, ... }:

{

  services.hydra = {
    enable = true;
    hydraURL = "https://server7.hq.c3d2.de";
    logo = ./hydra.svg;
    notificationSender = "hydra@spam.works";
    package = pkgs.hydra-unstable;
    listenHost = "127.0.0.1";
  };

  nix.trustedUsers = [ "hydra" ];

  nix.buildMachines = [{
    hostName = "localhost";
    system = "x86_64-linux";
    supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
    maxJobs = 8;
  }];

  services.nginx = {
    enable = true;
    virtualHosts = {
      "server7.hq.c3d2.de" = {
        default = true;
        addSSL = true;
        enableACME = true;
        locations."/".proxyPass =
          "http://127.0.0.1:${toString config.services.hydra.port}";
      };
    };
  };

  networking.firewall.allowedTCPPorts = [ 80 443 ];
}