Fix pure eval and harden nix script bootstrap

modules/nix/remote-builder-client.nix

@@ -0,0 +1,26 @@
+{ pkgs, ... }:
+
+{
+  # Install the remote builder key on each client host (do not commit private keys):
+  #   sudo install -d -m 0700 /root/.ssh
+  #   sudo install -m 0600 ./nixremote /root/.ssh/nixremote
+  #   sudo ssh -i /root/.ssh/nixremote nixremote@nix-cache nix-store --version
+  nix.distributedBuilds = true;
+
+  nix.buildMachines = [
+    {
+      hostName = "nix-cache";
+      sshUser = "nixremote";
+      sshKey = "/root/.ssh/nixremote";
+      system = pkgs.stdenv.hostPlatform.system;
+      maxJobs = 4;
+      speedFactor = 2;
+      supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
+    }
+  ];
+
+  nix.settings = {
+    builders-use-substitutes = true;
+    max-jobs = "auto";
+  };
+}