1  { config, ... }:
 2  {
 3    sops.secrets.psi-builder = {
 4      sopsFile = ../sops/builders/psi-builder/secret;
 5      format = "binary";
 6    };
 7  
 8    nix.distributedBuilds = true;
 9  
10    nix.buildMachines = [
11      {
12        hostName = "psi";
13        sshUser = "root";
14        protocol = "ssh-ng";
15        sshKey = config.sops.secrets.psi-builder.path;
16        systems = [ "x86_64-linux" ];
17        maxJobs = 24;
18        supportedFeatures = [
19          "big-parallel"
20          "kvm"
21          "nixos-test"
22        ];
23      }
24    ];
25  
26    # let system level nix-daemon could access the configuration
27    environment.etc."ssh/ssh_config.d/remote-builder.conf".text = ''
28      Host psi
29        HostName 10.100.0.2
30        Port 10022
31        ProxyJump eta
32        IdentityAgent none
33  
34      Host eta
35        HostName jump.sjanglab.org
36        Port 10022
37        IdentityFile ${config.sops.secrets.psi-builder.path}
38        IdentityAgent none
39    '';
40  }