{
  config,
  lib,
  ...
}:
let
  cfg = config.kropcloud.services.hydra;
in
{
  options.kropcloud.services.hydra = {
    enable = lib.mkEnableOption "Whence to enable hydra service.";
    listenHost = lib.mkOption {
      description = "Which host should hydra listen at";
      type = lib.types.str;
      default = "localhost";
      example = "192.168.1.160";
    };
    port = lib.mkOption {
      description = "Which port should hydra listen at";
      type = lib.types.port;
      default = 3000;
      example = 3000;
    };
    hydraURL = lib.mkOption {
      description = "Which host should hydra listen at";
      type = lib.types.nullOr lib.types.str;
      default = null;
      example = "http://192.168.1.160:3000";
    };
  };
  config = lib.mkIf cfg.enable {
    services.hydra = {
      enable = true;
      useSubstitutes = true;
      hydraURL =
        if (cfg.hydraURL != null) then
          cfg.hydraURL
        else
          "http://${cfg.listenHost}:${builtins.toString cfg.port}";
      notificationSender = "hydra@localhost";
      listenHost = cfg.listenHost;
      port = cfg.port;
    };

    nix.settings.allowed-uris = [
      "github:"
      "https://github.com/"
      "git+https://github.com/"
      "git+ssh://github.com/"
    ];

    networking.firewall.allowedTCPPorts = [
      cfg.port
    ];
  };
}