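# NixOS module: a Hydra CI server published through nginx with ACME-issued
# TLS, plus PostgreSQL tuning for Hydra's database.
#
# One statement per line matters here: with the module on a single line, the
# first `#` comment swallows every token after it, including the closing
# braces.
{ pkgs, ... }:
{
  services.hydra = {
    enable = true;
    hydraURL = "https://hydra.newtype.fr";
    notificationSender = "hydra@localhost";
    buildMachinesFiles = [ "/etc/nix/machines" ];
    # Builds may pull outputs from the configured substituters instead of
    # building them locally, so what Hydra publishes is only as trustworthy as
    # those caches and their signing keys.
    useSubstitutes = true;
    # NOTE(review): nginx below proxies to localhost:3000 and the firewall only
    # opens 80/443. If Hydra should never be reachable except through nginx,
    # consider binding it to loopback with services.hydra.listenHost. Check
    # first that the bind address matches what `localhost` resolves to for
    # proxyPass.
  };

  environment.systemPackages = [ pkgs.nix-prefetch-git ];

  # Trusted users can override substituters and import unsigned store paths
  # through the Nix daemon, which is effectively root-equivalent on this host.
  # NOTE(review): hydra-www is the web-facing account; confirm it needs this
  # and drop it from the list if it does not.
  # (`nix.settings.trusted-users` is the current name of `nix.trustedUsers`.)
  nix.settings.trusted-users = [ "hydra" "hydra-www" ];

  services.postgresql = {
    enableJIT = true;
    settings = {
      checkpoint_completion_target = "0.9";
      default_statistics_target = 100;

      max_connections = 500;
      work_mem = "20MB";
      maintenance_work_mem = "2GB";
      shared_buffers = "8GB";

      min_wal_size = "1GB";
      max_wal_size = "2GB";
      wal_buffers = "16MB";

      max_worker_processes = 16;
      max_parallel_workers_per_gather = 8;
      max_parallel_workers = 16;

      # NVMe related performance tuning
      effective_io_concurrency = 200;
      random_page_cost = "1.1";

      # We can risk losing some transactions: with synchronous_commit off, a
      # crash may drop the most recent commits but does not corrupt the
      # database.
      synchronous_commit = "off";

      effective_cache_size = "16GB";

      # autovacuum and autoanalyze much more frequently:
      # at these values vacuum should run approximately
      # every 2 mass rebuilds, or a couple times a day
      # on the builds table. Some of those queries really
      # benefit from frequent vacuums, so this should
      # help. In particular, I'm thinking the jobsets
      # pages.
      autovacuum_vacuum_scale_factor = 0.002;
      autovacuum_analyze_scale_factor = 0.001;

      # pg_stat_statements records normalised query text and timings;
      # compute_query_id lets it group statements.
      shared_preload_libraries = "pg_stat_statements";
      compute_query_id = "on";
    };
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "ryan@lahfa.xyz";
  };

  services.nginx = {
    enable = true;
    recommendedZstdSettings = true;
    recommendedBrotliSettings = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedTlsSettings = true;
    recommendedProxySettings = true;
  };

  services.nginx.virtualHosts."hydra.newtype.fr" = {
    # Plain-HTTP requests are redirected to HTTPS; the certificate comes from ACME.
    forceSSL = true;
    enableACME = true;
    # TODO: remove compression for some locations
    # NOTE(review): the TODO gives no reason. If the concern is compression
    # side channels on HTTPS responses that mix secrets (session or CSRF
    # tokens) with request-influenced content, the authenticated pages are the
    # ones to exempt. Confirm with the author.
    locations."/".proxyPass = "http://localhost:3000";
  };

  # Only the nginx listeners are opened; Hydra's port 3000 and PostgreSQL are
  # not. Port 80 serves the forceSSL redirect and presumably ACME HTTP-01
  # challenges.
  networking.firewall.allowedTCPPorts = [ 80 443 ];
}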