{config, ...}: {
  services.hydra = {
    enable = true;
    hydraURL = "http://localhost:3000"; # externally visible URL
    notificationSender = "hydra@localhost"; # e-mail of hydra service
    # a standalone hydra will require you to unset the buildMachinesFiles list to avoid using a nonexistant /etc/nix/machines
    buildMachinesFiles = [];
    # you will probably also want, otherwise *everything* will be built from scratch
    useSubstitutes = true;
  };
  nix.settings.allowed-uris = [
    "github:"
    "git+https://github.com/"
    "git+ssh://github.com/"
    "git+https://git.ghoscht.com/"
    "git+ssh://git.ghoscht.com/"
    "https://git.ghoscht.com/"
  ];
  networking.firewall = {
    allowedTCPPorts = [config.services.hydra.port];
  };
  # nix.gc = {
  #   automatic = true;
  #   dates = "15 3 * * *"; # [1]
  # };
  #
  nix.autoOptimiseStore = true;
}