hydra server

configuration.nix

{ config, pkgs, ... }:
let
  hydra = pkgs.fetchgit { url = https://github.com/NixOS/hydra; rev = "refs/heads/master"; };
in {

  ...

  require = [ "${hydra}/hydra-module.nix" ];

  ...


  services = {
    postfix = {
      enable = true;
      setSendmail = true;
    };

    openssh = {
      enable = true;
      permitRootLogin = "no";
      passwordAuthentication = false;
    };
    locate.enable = true;
    hydra = {
      enable = true;
      dbi = "dbi:Pg:dbname=hydra;host=localhost;user=hydra;";
      package = (import "${hydra}/release.nix" {}).build.x86_64-linux;
      hydraURL = "http://hydra.scriptores.com/";
      listenHost = "localhost";
      port = 3000;
      minimumDiskFree = 5;
      minimumDiskFreeEvaluator = 2;
      notificationSender = "hydra@jaeger.matejc";
      tracker = "<div>matejc's Hydra reborn</div>";
      logo = null;
      debugServer = false;
    };
    # Hydra requires postgresql to run
    postgresql.enable = true;
    postgresql.package = pkgs.postgresql;

    nginx.enable = true;
    nginx.config = pkgs.lib.readFile /root/nginx.conf;
  };
  ...
}

hydra.nginx

server {
    listen 0.0.0.0:443 ssl;
    server_name hydra-ssl.scriptores.com;
    keepalive_timeout    70;

    ssl_session_cache    shared:SSL:10m;
    ssl_session_timeout  10m;
    ssl_certificate     /root/ssl/hydra.crt;
    ssl_certificate_key /root/ssl/hydra.key;

    ### We want full access to SSL via backend ###
    location / {
        proxy_pass http://127.0.0.1:3000/;

        ### force timeouts if one of backend is died ##
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
 
        ### Set headers ####
        proxy_set_header        Accept-Encoding   "";
        proxy_set_header        Host            $host;
        proxy_set_header        X-Real-IP       $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
 
        ### Most PHP, Python, Rails, Java App can use this header ###
        #proxy_set_header X-Forwarded-Proto https;##
        #This is better##
        proxy_set_header        X-Forwarded-Proto $scheme;
        add_header              Front-End-Https   on;

        ### By default we don't want to redirect it ####
        proxy_redirect     off;
    }
}
server {
    listen 0.0.0.0:80;
    server_name hydra-ssl.scriptores.com;
    rewrite ^ https://$server_name$request_uri? permanent;
}

server {
    listen 0.0.0.0:80;
    server_name hydra.scriptores.com;

    location / {
        proxy_pass http://127.0.0.1:3000/;
        proxy_set_header        Host            $host;
        proxy_set_header        X-Real-IP       $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

nginx.conf

#user  nobody;
worker_processes  1;

error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    include /root/hydra.nginx;

}