{ config, lib, ... }:

let
  user_keys = user:
    lib.optionals (builtins.hasAttr "bertof" config.users.users)
      config.users.users.${user}.openssh.authorizedKeys.keys;
in
{
  # nix.buildMachines 
  nix.distributedBuilds = true;

  nix.sshServe = {
    enable = true;
    keys = user_keys "bertof";
    write = true;
    protocol = "ssh-ng";
  };

  services.nix-serve = {
    enable = true;
    openFirewall = true;
    secretKeyFile = "/etc/nix/serve";
  };

  nix.settings = {
    trusted-users = [ "root" "nix-ssh" "@wheel" ];
    trusted-public-keys = [
      "odin:ukZZy//P0nBAcy4ycX8eYCByRJFOfJRlfW4sYjP/rGE="
      "loki:jVAH1bQugXdQ1w29lvVknyPqWwmAn7WhjKf7z4t+q7E="
    ];
    substituters = [
      # "https://192.168.0.10"
      # "https://192.168.0.100"
      # "ssh-ng://loki.local"
      # "ssh-ng://odin.local"
      # "ssh-ng://192.168.0.10"
      # "ssh-ng://192.168.0.100"
    ];
    # trusted-substituters = [
    # ];
  };

}