From 4c9493249064abfd2d5d535d02939e0e001a5089 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <tm@tlater.net>
Date: Mon, 17 May 2021 00:18:51 +0100
Subject: [PATCH 1/2] webserver: Use SIGKILL instead of SIGTERM

---
 configuration/services/webserver.nix | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/configuration/services/webserver.nix b/configuration/services/webserver.nix
index e1c396d..c1966a5 100644
--- a/configuration/services/webserver.nix
+++ b/configuration/services/webserver.nix
@@ -34,6 +34,10 @@
 
     ports = [ "3002:3002" ];
     volumes = [ "tlaternet-mail:/srv/mail" ];
-    extraOptions = [ "--hostname=tlater.net" ];
+    extraOptions = [
+      "--hostname=tlater.net"
+      # Rocket 0.4 doesn't support SIGTERM anyway, so SIGKILL is the cleanest exit possible.
+      "--stop-signal=SIGKILL"
+    ];
   };
 }
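Review bot: The new comment above `"--stop-signal=SIGKILL"` should record when the option can be removed. SIGKILL cannot be handled, so the process gets no chance to finish in-flight requests or flush writes to the `tlaternet-mail:/srv/mail` volume, and that remains true after any Rocket upgrade until this line is revisited. Suggested addition: `# TODO: drop once the server runs a Rocket release that handles SIGTERM; SIGKILL gives no chance to flush /srv/mail.` The container attribute set this option belongs to starts above the hunk.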

From a40cab264241329b0efba3a3128219de72d4f042 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?=
 <tristan.maat@codethink.co.uk>
Date: Thu, 13 May 2021 21:12:11 +0100
Subject: [PATCH 2/2] WIP: Add hydra

---
 configuration/default.nix        |  2 ++
 configuration/services/hydra.nix | 16 ++++++++++++++++
 flake.nix                        | 14 +++++++++++++-
 3 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 configuration/services/hydra.nix

diff --git a/configuration/default.nix b/configuration/default.nix
index a12aceb..42e43ec 100644
--- a/configuration/default.nix
+++ b/configuration/default.nix
@@ -3,6 +3,7 @@
 {
   imports = [
     ./services/gitea.nix
+    ./services/hydra.nix
     ./services/minecraft.nix
     ./services/nextcloud.nix
     ./services/webserver.nix
@@ -68,6 +69,7 @@
       "${domain}" = host 3002 { serverAliases = [ "www.${domain}" ]; };
       "gitea.${domain}" = host 3000 { };
       "nextcloud.${domain}" = host 3001 { };
+      "hydra.${domain}" = host config.services.hydra.port { };
     };
   };
 
diff --git a/configuration/services/hydra.nix b/configuration/services/hydra.nix
new file mode 100644
index 0000000..2321407
--- /dev/null
+++ b/configuration/services/hydra.nix
@@ -0,0 +1,16 @@
+{ ... }:
+
+{
+  services.hydra = {
+    enable = true;
+    port = 3003;
+
+    hydraURL = "hydra.tlater.net";
+    notificationSender = "hydra@tlater.net";
+    extraConfig = ''
+      <gitea_authorization>
+
+      </gitea_authorization>
+    '';
+  };
+}
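Review bot: The `<gitea_authorization>` block in `extraConfig` is empty for now, but any tokens filled in here will be written into the generated Hydra config in the world-readable Nix store. Hydra's config supports Apache-style includes, so load the block from a root-owned file outside the store instead, e.g. `Include /var/lib/hydra/gitea_authorization.conf` (path constructed for illustration). Separately, `listenHost` is not set and the NixOS module default is `*`, so Hydra would also answer on port 3003 directly, bypassing the nginx vhost added in configuration/default.nix, unless the firewall blocks it; `listenHost = "localhost";` keeps it behind the proxy. `hydraURL` is used as the base for generated links, so it probably needs the scheme: `hydraURL = "https://hydra.tlater.net";`.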
diff --git a/flake.nix b/flake.nix
index 78a3cfb..bf1c240 100644
--- a/flake.nix
+++ b/flake.nix
@@ -68,7 +68,7 @@
             (import ./modules)
 
             (import ./configuration)
-            ({ lib, ... }: {
+            ({ config, lib, ... }: {
               users.users.tlater.password = "insecure";
 
               # Disable graphical tty so -curses works
@@ -78,6 +78,18 @@
               # can easily test locally with the VM.
               services.nginx.domain = lib.mkOverride 99 "localhost";
 
+              # Hydra uses X-Forwarded-Port to figure out how to
+              # include links to static files, but because we redirect
+              # 443 -> 3443 in the vm we need to explicitly set this
+              # (nginx can't see qemu's port redirection).
+              services.nginx.virtualHosts =
+                let domain = config.services.nginx.domain;
+                in {
+                  "hydra.${domain}".locations."/".extraConfig = ''
+                    proxy_set_header X-Forwarded-Port 3443;
+                  '';
+                };
+
               # # Set up VM settings to match real VPS
               # virtualisation.memorySize = 3941;
               # virtualisation.cores = 2;
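Review bot: Adding `proxy_set_header X-Forwarded-Port 3443;` in `locations."/".extraConfig` may drop the other proxy headers for this vhost, because nginx inherits `proxy_set_header` from an outer level only when the current level defines none. The `host` helper is not visible in this patch, so it is unclear whether `Host`, `X-Forwarded-For` and `X-Forwarded-Proto` are set inside the location or inherited from the server/http level. If they are inherited, Hydra would see the wrong host and client address in the VM, so check the rendered config with `nginx -T` and, if needed, repeat those headers next to this one. The comment could also say that 3443 must match the qemu port forward, e.g. `# keep in sync with the VM's 443 -> 3443 forward`. The enclosing module starts above and continues below the hunk.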