From 5b44c4516cad957ff76448f09566c6d5bbab23bb Mon Sep 17 00:00:00 2001
From: Fiona Grzebien <fiona@grzb.de>
Date: Sun, 17 May 2026 01:24:09 +0200
Subject: [PATCH] Remove hydra host

---
 config/hosts/hydra/configuration.nix | 51 ----------------------------
 config/hosts/hydra/default.nix       |  9 -----
 config/hosts/hydra/hydra.nix         | 14 --------
 config/hosts/hydra/nginx.nix         | 44 ------------------------
 config/hosts/hydra/nix-serve.nix     |  9 -----
 config/hosts/hydra/secrets.nix       | 11 ------
 config/hosts/valkyrie/nginx.nix      |  1 -
 config/hosts/web-public-2/nginx.nix  |  1 -
 flake.nix                            |  6 ----
 hosts.nix                            |  4 ---
 10 files changed, 150 deletions(-)
 delete mode 100644 config/hosts/hydra/configuration.nix
 delete mode 100644 config/hosts/hydra/default.nix
 delete mode 100644 config/hosts/hydra/hydra.nix
 delete mode 100644 config/hosts/hydra/nginx.nix
 delete mode 100644 config/hosts/hydra/nix-serve.nix
 delete mode 100644 config/hosts/hydra/secrets.nix

diff --git a/config/hosts/hydra/configuration.nix b/config/hosts/hydra/configuration.nix
deleted file mode 100644
index 9b554d8..0000000
--- a/config/hosts/hydra/configuration.nix
+++ /dev/null
@@ -1,51 +0,0 @@
-{ ... }:
-{
-  boot = {
-    loader.grub = {
-      enable = true;
-      device = "/dev/vda";
-    };
-
-    binfmt.emulatedSystems = [
-      "armv6l-linux"
-      "armv7l-linux"
-      "aarch64-linux"
-    ];
-  };
-
-  networking = {
-    hostName = "hydra";
-    firewall = {
-      enable = true;
-      allowedTCPPorts = [ 8443 ];
-    };
-  };
-
-  users.users.builder = {
-    isNormalUser = true;
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK/plZfxF/RtB+pJsUYx9HUgRcB56EoO0uj+j3AGzZta root@cherry"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKeIiHkHA5c6/jZx+BB28c5wchdzlFI7R1gbvNmPyoOg root@kiara"
-    ];
-  };
-
-  nix = {
-    settings = {
-      trusted-users = [ "builder" ];
-      allowed-uris = "http:// https://";
-    };
-    buildMachines = [
-      {
-        hostName = "localhost";
-        systems = [
-          "x86_64-linux"
-          "armv6l-linux"
-          "armv7l-linux"
-          "aarch64-linux"
-        ];
-      }
-    ];
-  };
-
-  system.stateVersion = "23.05";
-}
diff --git a/config/hosts/hydra/default.nix b/config/hosts/hydra/default.nix
deleted file mode 100644
index aeffee1..0000000
--- a/config/hosts/hydra/default.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ ... }:
-{
-  imports = [
-    ./configuration.nix
-    ./hydra.nix
-    ./nix-serve.nix
-    ./nginx.nix
-  ];
-}
diff --git a/config/hosts/hydra/hydra.nix b/config/hosts/hydra/hydra.nix
deleted file mode 100644
index c8d4c3f..0000000
--- a/config/hosts/hydra/hydra.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ ... }:
-{
-  services.hydra = {
-    enable = true;
-    hydraURL = "https://hydra.nekover.se";
-    listenHost = "localhost";
-    port = 3001;
-    useSubstitutes = true;
-    notificationSender = "hydra@robot.grzb.de";
-    extraConfig = "
-      binary_cache_public_uri = https://nix-cache.nekover.se
-    ";
-  };
-}
diff --git a/config/hosts/hydra/nginx.nix b/config/hosts/hydra/nginx.nix
deleted file mode 100644
index 9aadd25..0000000
--- a/config/hosts/hydra/nginx.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{ ... }:
-{
-  services.nginx = {
-    enable = true;
-    virtualHosts = {
-      "hydra.nekover.se" = {
-        forceSSL = true;
-        enableACME = true;
-        listen = [{
-          addr = "0.0.0.0";
-          port = 80;
-        }];
-        locations."/" = {
-          proxyPass = "http://localhost:3001";
-        };
-        extraConfig = ''
-          listen 0.0.0.0:8443 http2 ssl proxy_protocol;
-
-          set_real_ip_from 10.202.41.100; # IPv4 from web-public-2
-          set_real_ip_from 10.203.10.3; # IPv6 from valkyrie
-          real_ip_header proxy_protocol;
-        '';
-      };
-      "nix-cache.nekover.se" = {
-        forceSSL = true;
-        enableACME = true;
-        listen = [        {
-          addr = "0.0.0.0";
-          port = 80;
-        }];
-        locations."/" = {
-          proxyPass = "http://localhost:5005";
-        };
-        extraConfig = ''
-          listen 0.0.0.0:8443 http2 ssl proxy_protocol;
-
-          set_real_ip_from 10.202.41.100; # IPv4 from web-public-2
-          set_real_ip_from 10.203.10.3; # IPv6 from valkyrie
-          real_ip_header proxy_protocol;
-        '';
-      };
-    };
-  };
-}
diff --git a/config/hosts/hydra/nix-serve.nix b/config/hosts/hydra/nix-serve.nix
deleted file mode 100644
index 75c18cb..0000000
--- a/config/hosts/hydra/nix-serve.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ ... }:
-{
-  services.nix-serve = {
-    enable = true;
-    port = 5005;
-    bindAddress = "localhost";
-    secretKeyFile = "/secrets/signing-key.secret";
-  };
-}
diff --git a/config/hosts/hydra/secrets.nix b/config/hosts/hydra/secrets.nix
deleted file mode 100644
index 43329f7..0000000
--- a/config/hosts/hydra/secrets.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ keyCommandEnv, ... }:
-{
-  deployment.keys."signing-key.secret" = {
-    keyCommand = keyCommandEnv ++ [ "pass" "hydra/signing-key" ];
-    destDir = "/secrets";
-    user = "root";
-    group = "root";
-    permissions = "0640";
-    uploadAt = "pre-activation";
-  };
-}
diff --git a/config/hosts/valkyrie/nginx.nix b/config/hosts/valkyrie/nginx.nix
index ab96419..2ea8db8 100644
--- a/config/hosts/valkyrie/nginx.nix
+++ b/config/hosts/valkyrie/nginx.nix
@@ -41,7 +41,6 @@
         element-admin.nekover.se 10.202.41.100:8443;
         fi.nekover.se 10.202.41.125:8443;
         git.nekover.se 10.202.41.106:8443;
-        hydra.nekover.se 10.202.41.121:8443;
         id.nekover.se 10.202.41.124:8443;
         mas.nekover.se 10.202.41.112:8443;
         matrix.nekover.se 10.202.41.112:8443;
diff --git a/config/hosts/web-public-2/nginx.nix b/config/hosts/web-public-2/nginx.nix
index 3217be8..87a1ec9 100644
--- a/config/hosts/web-public-2/nginx.nix
+++ b/config/hosts/web-public-2/nginx.nix
@@ -21,7 +21,6 @@
           element-admin.nekover.se 10.202.41.100:8443;
           fi.nekover.se 10.202.41.125:8443;
           git.nekover.se 10.202.41.106:8443;
-          hydra.nekover.se 10.202.41.121:8443;
           id.nekover.se 10.202.41.124:8443;
           mas.nekover.se 10.202.41.112:8443;
           matrix.nekover.se 10.202.41.112:8443;
diff --git a/flake.nix b/flake.nix
index 7ea486c..0e09394 100644
--- a/flake.nix
+++ b/flake.nix
@@ -40,12 +40,6 @@
       };
     } // builtins.mapAttrs (helper.generateColmenaHost) hosts;
 
-    hydraJobs = {
-      nixConfigurations = builtins.mapAttrs (host: helper.generateNixConfiguration host {
-        inherit nixpkgs-unstable nixpkgs-master hosts simple-nixos-mailserver;
-      }) hosts;
-    };
-
     # Generate a base VM image for Proxmox with `nix build .#base-proxmox`
     packages.x86_64-linux = {
       base-proxmox = nixos-generators.nixosGenerate {
diff --git a/hosts.nix b/hosts.nix
index 86d65e2..83e3a63 100644
--- a/hosts.nix
+++ b/hosts.nix
@@ -27,10 +27,6 @@ let
   }) hosts;
 in
   generateDefaults {
-    hydra = {
-      site = "vs";
-      environment = "proxmox";
-    };
     ikiwiki = {
       site = "vs";
       environment = "proxmox";