Setup remote builds and set Pi mostly readonly

modules/hosts/nixos/kiosk-gene-desk/default.nix

@@ -10,6 +10,7 @@
   imports = [
     # SD card image
     "${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
+    ./read-only-root.nix
   ];
 
   system.stateVersion = "24.11";
@@ -49,6 +50,29 @@
     };
   };
 
+  nix = {
+    distributedBuilds = true;
+    buildMachines = [
+      {
+        hostName = "hetznix02.technicalissues.us";
+        system = "aarch64-linux";
+        protocol = "ssh-ng";
+        maxJobs = 4;
+        speedFactor = 2;
+        supportedFeatures = [
+          "nixos-test"
+          "benchmark"
+          "big-parallel"
+        ];
+        sshUser = "gene";
+        sshKey = "/root/.ssh/id_ed25519";
+      }
+    ];
+    extraOptions = ''
+      builders-use-substitutes = true
+    '';
+  };
+
   nixpkgs.overlays = [
     (_final: super: {
       makeModulesClosure = x: super.makeModulesClosure (x // { allowMissing = true; });