{ config, lib, pkgs, ... }:

with lib;

{

  options.profiles.clerie.hydra-build-machine = {
    enable = mkEnableOption "Set defaults for hydra build machines";
  };

  config = mkIf config.profiles.clerie.hydra-build-machine.enable {

    # Allow Hydra to fetch remote URLs in restricted mode
    nix.settings.allowed-uris = "http: https: git+https: github:";

    services.openssh.settings= {
     PermitRootLogin = "yes";
    };

    users.extraUsers.root.openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMv8Lbca/CR4das3HJ2F/sQ9dA7kdGS1hSVTt5lX4diP root@hydra-1"
    ];

  };

}