infra/modules/nixos/services/remote-builder.nix

{ config, lib, pkgs, ... }:
let
  cfg = config.services.remoteBuilder;
in {
  options.services.remoteBuilder = {
    enable = lib.mkEnableOption "remote Nix build machine (lazyworkhorse server)";

    buildMachine = {
      host = lib.mkOption {
        type = lib.types.str;
        default = "lazyworkhorse.net";
        description = "Hostname or IP of the remote build machine.";
      };
      sshUser = lib.mkOption {
        type = lib.types.str;
        default = "ai-worker";
        description = "SSH user on the remote build machine.";
      };
      port = lib.mkOption {
        type = lib.types.port;
        default = 2424;
        description = "SSH port — added via ~root/.ssh/config since nix.buildMachines has no sshPort option.";
      };
      systems = lib.mkOption {
        type = lib.types.listOf lib.types.str;
        default = [ "aarch64-linux" "x86_64-linux" ];
        description = "System types the remote builder can build for.";
      };
      maxJobs = lib.mkOption {
        type = lib.types.int;
        default = 16;
        description = "Max parallel jobs on the remote builder.";
      };
      supportedFeatures = lib.mkOption {
        type = lib.types.listOf lib.types.str;
        default = [ "big-parallel" "nixos-test" "benchmark" ];
        description = "Features the remote builder supports.";
      };
    };

    fallbackLocal = lib.mkOption {
      type = lib.types.bool;
      default = true;
      description = "Fall back to local build when remote builder is unreachable.";
    };
  };

  config = lib.mkIf cfg.enable {
    nix.distributedBuilds = true;
    nix.buildMachines = [{
      hostName = cfg.buildMachine.host;
      sshUser = cfg.buildMachine.sshUser;
      systems = cfg.buildMachine.systems;
      maxJobs = cfg.buildMachine.maxJobs;
      supportedFeatures = cfg.buildMachine.supportedFeatures;
    }];

    nix.extraOptions = lib.optionalString cfg.fallbackLocal ''
      builders-use-substitutes = true
      fallback = true
    '';

    # SSH config for the remote builder (since nix.buildMachines has no port option)
    programs.ssh.extraConfig = ''
      Host ${cfg.buildMachine.host}
        HostName ${cfg.buildMachine.host}
        Port ${toString cfg.buildMachine.port}
        User ${cfg.buildMachine.sshUser}
    '';
  };
}