{ pkgs, lib, config, ... }:
let
  vivariumBuilderDefault = {
    systems = [ "x86_64-linux" "aarch64-linux" ];
    protocol = "ssh-ng";
    sshUser = "nixremote";
    # sshKey doesn't work
  };
  # MANU ssh-keygen -y -f /etc/ssh/ssh_host_ed25519_key | base64 -w0
  vivariumBuilders = [
    {
      hostName = "abavorana.frogeye.fr";
      publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU5iNzcrS01tRHI0MVhZdmZITXQvK3NHMkJCSEIzYUl4M045WDNVejhFaUogZ2VvZmZyZXlAY3VyYWNhbwo=";
      supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
      maxJobs = 8;
    }
    {
      hostName = "ludwig.clowncar.frogeye.fr";
      publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU41SXZhMzNXeGplN095cHVEUHBSakFNMTlvRUtEVDRiYlpUTm82V1FLZTAgZ2VvZmZyZXlAY3VyYWNhbwo=";
      maxJobs = 4;
    }
  ];
  # MANU pass vivarium/lemmy/remote-builds/cache | nix key convert-secret-to-public | cat
  publicKeys = [
    "abavorana.frogeye.fr:rcKZ9gwaIQLcst/vbhbF7meUQD5sveT2QQN4a+Zo1BM="
    "ludwig.clowncar.frogeye.fr:jTlN0fCOLU49M3LQw5j/u++Gmwrsv3m9RGs0slSg6r0="
  ];
in
{
  config = {
    system.activationScripts.diff = {
      supportsDryActivation = true;
      text = ''
        mkdir -p /root/.ssh
        cat ${pkgs.writeText "root-ssh-config" (lib.strings.concatLines (builtins.map (builder: ''
        Host ${builder.hostName}
          Port 2278
          ControlMaster auto
          ControlPath ~/.ssh/master-%r@%n:%p
          ControlPersist 60s
        '') vivariumBuilders)) } > /root/.ssh/config
      '';
    };
    nix = {
      buildMachines = builtins.map (vivariumBuilder: vivariumBuilderDefault // vivariumBuilder) vivariumBuilders;
      distributedBuilds = false;
      settings = {
        builders-use-substitutes = true;
        trusted-public-keys = publicKeys;
        trusted-substituters = builtins.map (builder: "${builder.protocol}://${builder.sshUser}@${builder.hostName}") config.nix.buildMachines;
      };
    };
  };
}