{ pkgs, configVars, ... }:
let
  remoteMachineIp = configVars.networking.addresses.remote-builder.ip;
in
{
  nix.distributedBuilds = true;
  nix.settings.builders-use-substitutes = true;
  nix.settings.max-jobs = 0;
  nix.settings.trusted-substituters = ["ssh://${remoteMachineIp}"];
  nix.settings.substituters = ["ssh://${remoteMachineIp}"];

  nix.buildMachines = [
    {
      hostName = "remotebuild@${remoteMachineIp}";
      speedFactor = 1;
      maxJobs = 10;
      sshKey = "/root/.ssh/remotebuild";
      system = pkgs.stdenv.hostPlatform.system;
      supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
    }
  ];

  programs.ssh.knownHosts = {
    "merlin" = {
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFSGyrQvwa7gj0tG/EX3siWzGT9badUkD0yw0YGkcNeQ root@merlin";
    };
  };

  programs.ssh.extraConfig = ''
    Host ${remoteMachineIp}
    	Port 22
    	User remotebuild
    	IdentitiesOnly yes
    	IdentityFile /root/.ssh/remotebuild
  '';

  sops.secrets = {
    "ssh_keys/root/remotebuild" = {
      path = "/root/.ssh/remotebuild";
    };
  };
}