{ config, lib, ... }:
let
  cfg = config.custom.services.nixCacheClient;
in
{
  options.custom.services.nixCacheClient = {
    enable = lib.mkEnableOption "Nix SSH cache client";
    disableLocalBuilds = lib.mkEnableOption "remote builds only";
  };

  config = lib.mkIf cfg.enable {
    nix = {
      buildMachines = [
        {
          hostName = "cache.sinerva.eu";
          maxJobs = 6;
          protocol = "ssh";
          speedFactor = 10;
          sshUser = "nix-ssh";
          supportedFeatures = [
            "kvm"
            "nixos-test"
            "big-parallel"
            "benchmark"
          ];
          systems = [
            "x86_64-linux"
            "aarch64-linux"
          ];
        }
      ];
      distributedBuilds = true;
      settings = {
        substituters = [ "ssh://nix-ssh@cache.sinerva.eu" ];
        trusted-public-keys = [ "cache.sinerva.eu:TaIhyAKozO/r88EBWMSdbp+TB0YlcXT/EADunYoYLVc=" ];
        builders-use-substitutes = true;
        max-jobs = lib.mkIf cfg.disableLocalBuilds 0;
      };
    };
    services.openssh.knownHosts."cache.sinerva.eu".publicKey =
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFgT2MGhvvJkWSNCfN0my/lNsTQtTV6+OcTHBSPVlGFA";
    programs.ssh.extraConfig = ''
      Host cache.sinerva.eu
        IdentityFile /etc/ssh/ssh_host_ed25519_key
    '';
  };
}