made a build and nixremote modules.

config/base.nix

@@ -78,55 +78,42 @@
       "dotnet-sdk-6.0.428"
     ];
   };
-  nix =
+  nix = {
-    let
+    distributedBuilds = true;
-      featuresList = [
+    optimise.automatic = true;
-        "nixos-test"
+    settings = {
-        "benchmark"
+      use-xdg-base-directories = true;
-        "big-parallel"
+      auto-optimise-store = true;
-        "kvm"
+      trusted-users = [
-        "gccarch-znver3"
+        "jawz"
-        "gccarch-skylake"
+        "root"
-        "gccarch-alderlake"
+        "nixremote"
+      ];
+      experimental-features = [
+        "nix-command"
+        "flakes"
+        "pipe-operators"
+      ];
+      substituters = [
+        "https://nix-gaming.cachix.org"
+        "https://nixpkgs-python.cachix.org"
+        "https://devenv.cachix.org"
+        "https://cuda-maintainers.cachix.org"
+        "https://ai.cachix.org"
+        "https://cache.lix.systems"
+        "https://cosmic.cachix.org"
+      ];
+      trusted-public-keys = [
+        "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
+        "nixpkgs-python.cachix.org-1:hxjI7pFxTyuTHn2NkvWCrAUcNZLNS3ZAvfYNuYifcEU="
+        "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
+        "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
+        "ai.cachix.org-1:N9dzRK+alWwoKXQlnn0H6aUx0lU/mspIoz8hMvGvbbc="
+        "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
+        "cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
       ];
-    in
-    {
-      distributedBuilds = true;
-      optimise.automatic = true;
-      settings = {
-        use-xdg-base-directories = true;
-        auto-optimise-store = true;
-        trusted-users = [
-          "jawz"
-          "root"
-          "nixremote"
-        ];
-        system-features = featuresList;
-        experimental-features = [
-          "nix-command"
-          "flakes"
-          "pipe-operators"
-        ];
-        substituters = [
-          "https://nix-gaming.cachix.org"
-          "https://nixpkgs-python.cachix.org"
-          "https://devenv.cachix.org"
-          "https://cuda-maintainers.cachix.org"
-          "https://ai.cachix.org"
-          "https://cache.lix.systems"
-          "https://cosmic.cachix.org"
-        ];
-        trusted-public-keys = [
-          "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
-          "nixpkgs-python.cachix.org-1:hxjI7pFxTyuTHn2NkvWCrAUcNZLNS3ZAvfYNuYifcEU="
-          "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
-          "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
-          "ai.cachix.org-1:N9dzRK+alWwoKXQlnn0H6aUx0lU/mspIoz8hMvGvbbc="
-          "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
-          "cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
-        ];
-      };
     };
+  };
   documentation.enable = false;
   environment = {
     systemPackages = builtins.attrValues {

hosts/miniserver/configuration.nix

@@ -1,11 +1,32 @@
-{ ... }:
+{ config, ... }:
 {
   imports = [
     ./hardware-configuration.nix
     ../../config/base.nix
     ../../config/stylix.nix
   ];
-  my = import ./toggles.nix;
+  my = import ./toggles.nix // {
+    nix.cores = 3;
+    nix.maxJobs = 8;
+    users.nixremote.enable = true;
+    users.nixremote.authorizedKeys = [
+      ../../secrets/ssh/ed25519_nixworkstation.pub
+      ../../secrets/ssh/ed25519_nixserver.pub
+    ];
+  };
+  nix.buildMachines =
+    let
+      buildMachine = hostName: maxJobs: speedFactor: {
+        inherit hostName maxJobs speedFactor;
+        system = "x86_64-linux";
+        sshUser = "nixremote";
+        supportedFeatures = config.my.nix.features;
+      };
+    in
+    [
+      (buildMachine "workstation" 16 40)
+      (buildMachine "server" 16 17)
+    ];
   networking = {
     hostName = "miniserver";
     firewall = {
@@ -13,47 +34,7 @@
       allowedUDPPorts = [ 2049 ];
     };
   };
-  nix = {
-    settings = {
-      cores = 3;
-      max-jobs = 8;
-    };
-    buildMachines =
-      let
-        buildMachine = hostName: maxJobs: speedFactor: {
-          inherit hostName maxJobs speedFactor;
-          system = "x86_64-linux";
-          sshUser = "nixremote";
-          supportedFeatures = [
-            "nixos-test"
-            "benchmark"
-            "big-parallel"
-            "kvm"
-            "gccarch-znver3"
-            "gccarch-skylake"
-            "gccarch-alderlake"
-          ];
-        };
-      in
-      [
-        (buildMachine "workstation" 16 40)
-        (buildMachine "server" 16 17)
-      ];
-  };
   nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1w" ];
-  users = {
-    groups.nixremote.gid = 555;
-    users.nixremote = {
-      isNormalUser = true;
-      createHome = true;
-      group = "nixremote";
-      home = "/var/nixremote/";
-      openssh.authorizedKeys.keyFiles = [
-        ../../secrets/ssh/ed25519_nixworkstation.pub
-        ../../secrets/ssh/ed25519_nixserver.pub
-      ];
-    };
-  };
   services = {
     btrfs.autoScrub = {
       enable = true;

hosts/server/configuration.nix

@@ -10,7 +10,24 @@
     ../../config/base.nix
     ../../config/stylix.nix
   ];
-  my = import ./toggles.nix { inherit config; };
+  my = import ./toggles.nix { inherit config; } // {
+    nix.cores = 6;
+    users.nixremote.enable = true;
+    users.nixremote.authorizedKeys = [
+      ../../secrets/ssh/ed25519_nixworkstation.pub
+      ../../secrets/ssh/ed25519_nixminiserver.pub
+    ];
+  };
+  nix.buildMachines = [
+    {
+      hostName = "workstation";
+      system = "x86_64-linux";
+      sshUser = "nixremote";
+      maxJobs = 12;
+      speedFactor = 1;
+      supportedFeatures = config.my.nix.features;
+    }
+  ];
   sops.secrets."vps/home/private".sopsFile = ../../secrets/wireguard.yaml;
   networking =
     let
@@ -51,48 +68,8 @@
         ];
       };
     };
-  nix =
+  users.users.jawz.packages = builtins.attrValues {
-    let
+    inherit (pkgs) podman-compose;
-      featuresList = [
-        "nixos-test"
-        "benchmark"
-        "big-parallel"
-        "kvm"
-        "gccarch-znver3"
-        "gccarch-skylake"
-        "gccarch-alderlake"
-      ];
-    in
-    {
-      settings.cores = 6;
-      buildMachines = [
-        {
-          hostName = "workstation";
-          system = "x86_64-linux";
-          sshUser = "nixremote";
-          maxJobs = 12;
-          speedFactor = 1;
-          supportedFeatures = featuresList;
-        }
-      ];
-    };
-  users = {
-    groups.nixremote.gid = 555;
-    users = {
-      jawz.packages = builtins.attrValues {
-        inherit (pkgs) podman-compose;
-      };
-      nixremote = {
-        isNormalUser = true;
-        createHome = true;
-        group = "nixremote";
-        home = "/var/nixremote/";
-        openssh.authorizedKeys.keyFiles = [
-          ../../secrets/ssh/ed25519_nixworkstation.pub
-          ../../secrets/ssh/ed25519_nixminiserver.pub
-        ];
-      };
-    };
   };
   services.btrfs.autoScrub = {
     enable = true;

hosts/workstation/configuration.nix

@@ -21,7 +21,15 @@ in
     ../../config/stylix.nix
     ../../environments/gnome.nix
   ];
-  my = import ./toggles.nix;
+  my = import ./toggles.nix // {
+    nix.cores = 8;
+    nix.maxJobs = 8;
+    users.nixremote.enable = true;
+    users.nixremote.authorizedKeys = [
+      ../../secrets/ssh/ed25519_nixserver.pub
+      ../../secrets/ssh/ed25519_nixminiserver.pub
+    ];
+  };
   home-manager.users.jawz = {
     programs = {
       vscode = {
@@ -60,38 +68,19 @@ in
         allowedUDPPortRanges = openPortRanges;
       };
   };
-  nix.settings = {
+  users.users.jawz.packages = [
-    cores = 8;
+    (pkgs.google-cloud-sdk.withExtraComponents [
-    max-jobs = 8;
+      pkgs.google-cloud-sdk.components.gke-gcloud-auth-plugin
-  };
+    ])
-  users = {
+  ]
-    groups.nixremote.gid = 555;
+  ++ builtins.attrValues {
-    users = {
+    inherit (pkgs)
-      jawz.packages = [
+      distrobox # install packages from other os
-        (pkgs.google-cloud-sdk.withExtraComponents [
+      gocryptfs # encrypted filesystem! shhh!!!
-          pkgs.google-cloud-sdk.components.gke-gcloud-auth-plugin
+      vcsi # video thumbnails for torrents, can I replace it with ^?
-        ])
+      keypunch # practice typing
-      ]
+      google-cloud-sdk-gce
-      ++ builtins.attrValues {
+      ;
-        inherit (pkgs)
-          distrobox # install packages from other os
-          gocryptfs # encrypted filesystem! shhh!!!
-          vcsi # video thumbnails for torrents, can I replace it with ^?
-          keypunch # practice typing
-          google-cloud-sdk-gce
-          ;
-      };
-      nixremote = {
-        isNormalUser = true;
-        createHome = true;
-        group = "nixremote";
-        home = "/var/nixremote/";
-        openssh.authorizedKeys.keyFiles = [
-          ../../secrets/ssh/ed25519_nixserver.pub
-          ../../secrets/ssh/ed25519_nixminiserver.pub
-        ];
-      };
-    };
   };
   environment = {
     pathsToLink = [ "share/thumbnailers" ];

modules/modules.nix

@@ -30,7 +30,11 @@ in
     ++ autoImport "scripts"
     ++ autoImport "servers"
     ++ autoImport "services"
-    ++ autoImport "shell";
+    ++ autoImport "shell"
+    ++ [
+      ./nix/build.nix
+      ./users/nixremote.nix
+    ];
   options.my = {
     localhost = lib.mkOption {
       type = lib.types.str;

modules/nix/build.nix

@@ -0,0 +1,53 @@
+{ lib, config, ... }:
+{
+  options.my.nix = {
+    features = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      default = [
+        "nixos-test"
+        "benchmark"
+        "big-parallel"
+        "kvm"
+        "gccarch-znver3"
+        "gccarch-skylake"
+        "gccarch-alderlake"
+      ];
+      description = "List of supported nix build features for this system";
+    };
+    
+    buildMachines = lib.mkOption {
+      type = lib.types.listOf lib.types.attrs;
+      default = [];
+      description = "List of remote build machines configuration";
+    };
+    
+    cores = lib.mkOption {
+      type = lib.types.nullOr lib.types.int;
+      default = null;
+      description = "Number of cores to use for builds (null = auto-detect)";
+    };
+    
+    maxJobs = lib.mkOption {
+      type = lib.types.nullOr lib.types.int;
+      default = null;
+      description = "Maximum number of parallel jobs (null = auto-detect)";
+    };
+  };
+
+  config = {
+    nix.settings = lib.mkMerge [
+      {
+        system-features = config.my.nix.features;
+      }
+      (lib.mkIf (config.my.nix.cores != null) {
+        cores = config.my.nix.cores;
+      })
+      (lib.mkIf (config.my.nix.maxJobs != null) {
+        max-jobs = config.my.nix.maxJobs;
+      })
+    ];
+    
+    nix.buildMachines = lib.mkIf (config.my.nix.buildMachines != []) 
+      config.my.nix.buildMachines;
+  };
+} 

modules/users/nixremote.nix

@@ -0,0 +1,41 @@
+{ lib, config, ... }:
+{
+  options.my.users.nixremote = {
+    enable = lib.mkEnableOption "nixremote user for distributed builds";
+    
+    authorizedKeys = lib.mkOption {
+      type = lib.types.listOf lib.types.path;
+      default = [
+        ../../secrets/ssh/ed25519_nixworkstation.pub
+        ../../secrets/ssh/ed25519_nixserver.pub
+        ../../secrets/ssh/ed25519_nixminiserver.pub
+      ];
+      description = "List of SSH public key files to authorize for nixremote user";
+    };
+    
+    gid = lib.mkOption {
+      type = lib.types.int;
+      default = 555;
+      description = "Group ID for the nixremote group";
+    };
+    
+    home = lib.mkOption {
+      type = lib.types.str;
+      default = "/var/nixremote/";
+      description = "Home directory for the nixremote user";
+    };
+  };
+
+  config = lib.mkIf config.my.users.nixremote.enable {
+    users = {
+      groups.nixremote.gid = config.my.users.nixremote.gid;
+      users.nixremote = {
+        isNormalUser = true;
+        createHome = true;
+        group = "nixremote";
+        home = config.my.users.nixremote.home;
+        openssh.authorizedKeys.keyFiles = config.my.users.nixremote.authorizedKeys;
+      };
+    };
+  };
+}