{ lib, ... }: { imports = [ ./hardware.nix ]; networking.hostName = "build-coord"; networking.domain = "wob01.infra.forkos.org"; bagel.sysadmin.enable = true; bagel.services = { hydra.enable = true; # TODO: use the roles to avoid setting up builders which are not… builders! hydra.builders = map (i: "bm-${builtins.toString i}") [4 10]; # Arguably, the build-coordinator is the most sensitive piece of our own infrastructure. # Henceforth, it can run as well another sensitive piece of the system: the Vault. vault = { enable = true; domain = "vault.forkos.org"; }; }; bagel.monitoring.exporters.hydra.enable = true; # Hydra is proxied. bagel.raito.v6-proxy-awareness.enable = true; system.stateVersion = "24.05"; deployment.targetHost = "build-coord.wob01.infra.forkos.org"; }