update with hwtr-prince, everything looks fine

nix-conf/home-manager/home.nix

@@ -30,14 +30,16 @@ let
   proj_root = builtins.toString ./../..;
   # TODO: put this in a seperate library
   # callPackage supports both PATH and function as first param!
-  yamlToJsonDrv = yamlContent: outputPath: pkgs.callPackage ({ runCommand }:
+  yamlToJsonDrv = yamlContent: outputPath: pkgs.callPackage
+    ({ runCommand }:
       # runCommand source: https://github.com/NixOS/nixpkgs/blob/master/pkgs/build-support/trivial-builders.nix#L33
       runCommand outputPath { inherit yamlContent; nativeBuildInputs = [ pkgs.yq ]; }
         # run yq which outputs '.' (no filter) on file at yamlPath
         # note that $out is passed onto the bash/sh script for execution
         ''
           echo "$yamlContent" | yq >$out
-        '') { };
+        '')
+    { };
   # fromYamlPath = yamlPath: builtins.fromJSON (builtins.readFile (yamlToJsonDrv yamlPath "any-output.json"));
   fromYaml = yamlContent: builtins.fromJSON (builtins.readFile (yamlToJsonDrv yamlContent "any_output.json"));
 in

nixops/simple_hydra.nix

@@ -0,0 +1,31 @@
+{
+  my-hydra = { config, pkgs, ... }: {
+    # send email
+    services.postfix = {
+      enable = true;
+      setSendmail = true;
+    };
+    # postgresql as a build queue (optimization possible?)
+    services.postgresql = {
+      enable = true;
+      package = pkgs.postgresql;
+      identMap = ''
+        hydra-users hydra hydra
+        hydra-users hydra-queue-runner hydra
+        hydra-users hydra-www hydra
+        hydra-users root postgres
+        hydra-users postgres postgres
+      '';
+    };
+    services.hydra = {
+      enable = true;
+      useSubstitutes = true;
+      # hydraURL = 
+    };
+    networking = {
+      firewall = {
+        allowedTCPPorts = [ config.services.hydra.port ];
+      };
+    };
+  };
+}

nixops/simple_hydra_vbox.nix

@@ -0,0 +1,25 @@
+# guide: https://qfpl.io/posts/nix/starting-simple-hydra/
+{
+  my-hydra = { config, pkgs, ... }: {
+    deployment = {
+      targetEnv = "virtualbox";
+      virtualbox.memorySize = 1024; # 1 GB``
+      virtualbox.vcpu = 2; # 2 vcpus :/ very limited on Linode, sorry
+      virtualbox.headless = true; # no gui pls
+    };
+    services = {
+      nixosManual.showManual = false; # save space, just no manual on our nix installation
+      ntp.enable = true; # time daemon
+      openssh = {
+        allowSFTP = false; # Prefer using SCP because connection is less verbose (?)
+        # we are going to generate rsa public key pair to machine
+        passwordAuthentication = false; # client-pubkey/server-prikey or dig yourself
+      };
+    };
+    users = {
+      mutableUsers = false; # Remember Trien's Windows freeze function? this is it.
+      # Yo, allow trusted users through ok?
+      users.root.openssh.authorizedKeys.keyFiles = [ "ssh/authorizedKeys" ];
+    };
+  };
+}