{ pkgs, config, lib, ... }:

let
  cfg = config.machine;
in {
  nix = {
    maxJobs = 4;
    buildCores = 1;
    autoOptimiseStore = true;
    useSandbox = true;
    package = pkgs.nix_2_4;
    allowedUsers = [ "root" ] ++ (map (n: n.name) cfg.administrators);
    extraOptions = ''
      build-timeout = 86400  # 24 hours
      experimental-features = nix-command flakes
    '';
    binaryCachePublicKeys = [ (lib.fileContents "${cfg.secretPath}/hydra_cache.pub") ];
    trustedBinaryCaches = [
      "https://cache.nixos.org"
    ] ++ cfg.binaryCaches;
    binaryCaches = [
      "https://cache.nixos.org"
    ] ++ cfg.binaryCaches;
  };
}