{ self, config, lib, pkgs, ... }:

with self.lib.nginx;
{
  services.hydra = {
    enable = true;
    hydraURL = "https://hydra.vapor.systems";
    notificationSender = "hydra@localhost";
    buildMachinesFiles = [ ];
    useSubstitutes = true;
    extraConfig = lib.readFile ./hydra.conf;
  };

  secrets =
    let
      owner = "hydra";
      group = "hydra";
      permissions = "0440";
    in
    {
      hydraLdap = {
        inherit owner group permissions;
        source = ../../secrets/hydra/ldap-password.conf;
        dest = "/var/lib/hydra/ldap-password.conf";
      };

      hydraGit = {
        inherit owner group permissions;
        source = ../../secrets/hydra/git.conf;
        dest = "/var/lib/hydra/git.conf";
      };

      hydraPrivKey = {
        inherit owner group permissions;
        source = ../../secrets/hydra/priv.key;
        dest = "/var/lib/hydra/priv.key";
      };

      hydraPubKey = {
        inherit owner group permissions;
        source = ../../secrets/hydra/pub.key;
        dest = "/var/lib/hydra/pub.key";
      };
    };

  services.nginx = {
    enable = true;
    virtualHosts = {
      "hydra.vapor.systems" = (proxyDomain "vapor.systems" "http://127.0.0.1:3000/");
    };
  };
}