{
  config,
  lib,
  flakeSelf,
  ...
}: {
  age.secrets = {
    remoteBuilderKey.file = "${flakeSelf.inputs.secrets}/WinMax2/nixrbld-private-key.age";
  };

  programs.ssh = {
    knownHosts.winmax2.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPE+ksvEq/I2LMLOztVXpLE9yuI6EkRh4EtXdlYkhl6C WinMax2 host key";
    extraConfig = ''
      Host nixrbld
        HostName winmax2
        IdentitiesOnly yes
        IdentityFile ${config.age.secrets.remoteBuilderKey.path}
        User nixrbld
    '';
  };

  system.tools.nixos-option.enable = false;

  nix = {
    settings = {
      auto-optimise-store = true;
      experimental-features = "nix-command flakes";
    };
    distributedBuilds = true;
    # Don't use remote builder on the remote builder
    buildMachines = lib.mkIf (config.networking.hostName != "WinMax2") [
      {
        hostName = "nixrbld";
        system = "x86_64-linux";
        protocol = "ssh-ng";
        maxJobs = 4;
        supportedFeatures = [
          "big-parallel"
          "kvm"
          "nixos-test"
        ];
      }
    ];
    optimise = {
      automatic = true;
      dates = ["weekly"];
    };
    registry = {
      agenix = {
        from = {
          id = "agenix";
          type = "indirect";
        };
        to = {
          owner = "ryantm";
          repo = "agenix";
          type = "github";
        };
      };
    };
  };
}