{ hostRegistry, config, pkgs, ... }:

let
  nix-build = "client@${hostRegistry.hosts.nix-build.ip4}";
in {
  nix = {
    binaryCaches =
      [ "https://cache.nixos.org" "https://genodepkgs.cachix.org" ];
    binaryCachePublicKeys = [
      "genodepkgs.cachix.org-1:j6xcYrUP9Q9c+WbS+MbkJR26cqeytOVdC4SmhOYj2Sw="
    ];
    extraOptions = ''
      allowed-uris = http:// https:// ssh://
    '';
    trustedUsers = [ "hydra" "root" ];
    buildMachines = [ {
      hostName = "localhost";
      system = "x86_64-linux";
      supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
      maxJobs = 4;
    } {
      hostName = nix-build;
      system = "x86_64-linux";
      supportedFeatures = [ "nixos-test" "big-parallel" "benchmark" ];
      maxJobs = 4;
    } {
      hostName = nix-build;
      system = "aarch64-linux";
      supportedFeatures = [ "nixos-test" "big-parallel" "benchmark" ];
      maxJobs = 4;
    } ];
  };

  services.hydra = {
    enable = true;
    hydraURL = "https://hydra.hq.c3d2.de";
    logo = ./c3d2.svg;
    notificationSender = "hydra@spam.works";
    package = pkgs.hydra-unstable;
    useSubstitutes = true;
  };

  services.nginx =
    let
      hydraVhost = {
        forceSSL = true;
        enableACME = true;
        locations."/".proxyPass =
          "http://localhost:${toString config.services.hydra.port}";
      };
    in {
      enable = true;
      recommendedProxySettings = true;
      recommendedGzipSettings = true;
      virtualHosts = {
        "hydra.hq.c3d2.de" = hydraVhost // {
          default = true;
        };
        "hydra.serv.zentralwerk.org" = hydraVhost;
      };
    };
}