{ pkgs, ... }:
{
  sops.secrets = {
    "remote-build/publicKey" = {
      sopsFile = ./../secrets/common.yaml;
      path = "/root/.ssh/remote-build.pub";
      mode = "0644";
      owner = "root";
      group = "root";
    };
    "remote-build/privateKey" = {
      sopsFile = ./../secrets/common.yaml;
      path = "/root/.ssh/remote-build";
      mode = "0600";
      owner = "root";
      group = "root";
    };
  };

  services.openssh.settings.AllowUsers = [ "remotebuild" ];
  users = {
    users.remotebuild = {
      isSystemUser = true;
      group = "remotebuild";
      shell = pkgs.bashInteractive;
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDGsHMycO4DL/HlkyWbzSQ6fzeWwRje/pb44NNwrwB11 remotebuild@ruject"
      ];
    };
    groups.remotebuild = { };
  };

  nix = {
    distributedBuilds = true;
    settings = {
      builders-use-substitutes = true;
      trusted-users = [ "remotebuild" ];
    };

    buildMachines = [
      {
        hostName = "ruject.fun";
        sshUser = "remotebuild";
        sshKey = "/root/.ssh/remote-build";
        protocol = "ssh";
        system = "x86_64-linux";
        systems = [
          "x86_64-linux"
        ];
        maxJobs = 4;
        speedFactor = 2;
        supportedFeatures = [
          "nixos-test"
          "benchmark"
          "big-parallel"
          "kvm"
        ];
      }
    ];
  };
}