{ config, pkgs, lib, mkDomain, ... }:
{
  # Hydra
  # Nix-based continuous build system
  # https://github.com/NixOS/hydra
  # https://nixos.wiki/wiki/Hydra
  # sudo -u hydra hydra-create-user 'admin' --full-name '<NAME>' --email-address '<EMAIL>' --password-prompt --role admin
  # https://blog.matejc.com/blogs/myblog/nixos-hydra-nginx
  services.hydra = {
    enable = true;
    hydraURL = "https://${mkDomain "hydra"}";
    #smtpHost = ;
    listenHost = "localhost";
    port = 4758;
    notificationSender = "hydra@${config.networking.fqdn}"; # Sender email address used for email notifications.
    #buildMachinesFiles = [];
    #useSubstitutes = true;
    #debugServer = true;
    #logo = /some/path.png;
    #minimumDiskFree = 0; # Minimum disk space (GiB) determining if queue runner runs or not.
    #minimumDiskFreeEvaluator = 0; # Minimum disk space (GiB) determining if evaluator runs or not.
  };
  services.nginx.virtualHosts.${mkDomain "hydra"} = lib.mkIf config.services.hydra.enable {
    forceSSL = true; # addSSL = true;
    enableACME = true; #useACMEHost = acmeDomain;
    locations."/" = {
      proxyPass = "http://127.0.0.1:${toString config.services.hydra.port}";
      proxyWebsockets = true;
      extraConfig = ''
        proxy_set_header  Host              $host;
        proxy_set_header  X-Real-IP         $remote_addr;
        proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-Proto $scheme;
        add_header        Front-End-Https   on;
      '';
    };
  };
}