{ pkgs, config, lib, ... }:

let
  cfg = config.machine;
in {
  nix = {
    package = pkgs.nix;
    settings = {
      max-jobs = 4;
      cores = 1;
      sandbox = true;
      auto-optimise-store = true;
      trusted-substituters = [
        "https://cache.nixos.org"
      ] ++ cfg.binaryCaches;
      trusted-public-keys = [ (lib.fileContents "${cfg.secretPath}/hydra_cache.pub") ];
      substituters = [
        "https://cache.nixos.org"
      ] ++ cfg.binaryCaches;
      allowed-users = [ "root" ] ++ (map (n: n.name) cfg.administrators);
    };
    extraOptions = ''
      build-timeout = 86400  # 24 hours
      experimental-features = nix-command flakes
    '';
  };
}