How to set up a remote builder that evaluates untrusted derivation?

I am investigating a solution to provide some remote builder services. The idea is that I want to provide the following services:

  1. a shared nix store
  2. a shared remote SSH builder, which my users can use via the nix --builders ssh://my-user@my-host flag; the built closure is then uploaded to the shared nix store

So that users can avoid rebuilding a Nix package if someone else happens to trigger a build for the same derivation input.

Because the remote builder is shared between users, I definitely don’t want a derivation to affect other derivations, even if any of them includes malicious code.

According to Multi-User Mode:

If they could do so, they could install a Trojan horse in some package and compromise the accounts of other users.
To prevent this, the Nix store and database are owned by some privileged user (usually root) and builders are executed under special user accounts (usually named nixbld1, nixbld2, etc.).

It seems that multi-user mode could prevent Trojan horses from affecting other users, but I don’t know how to achieve the goal. Questions in my mind include:

  • How can I minimize the permissions of my-user so that it cannot do anything but trigger the Nix daemon to run a derivation?
  • What if a user passes a derivation to run the shell script rm -rf /nix/store to the remote builder? Would it destroy the shared nix store?
  • Do I need to enforce sandboxing mode?
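The properties the post relies on (sandboxed builds, a root-owned store, dedicated nixbld build users) can be checked on a builder host before exposing it over SSH. The script below is an added example, not part of the original post or of Nix itself; it assumes nix.conf lives at /etc/nix/nix.conf and the store at /nix/store, both overridable as arguments.

```shell
#!/bin/sh
# Added hardening check for a shared Nix remote builder host (example code).
# Assumptions: nix.conf at /etc/nix/nix.conf, store at /nix/store (both
# can be passed as $1 and $2). Settings are read from the file, not via nix.

# Print the last value of a nix.conf setting; $1 = conf file, $2 = name.
nixconf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" \
        | sed 's/[[:space:]]*$//' | tail -n 1
}

# 0 if builds on this host run inside the Nix sandbox, 1 otherwise.
nixconf_sandbox_enabled() {
    [ "$(nixconf_get "$1" sandbox)" = "true" ]
}

# 0 if a dedicated build-users group (nixbld1, nixbld2, ...) is configured.
nixconf_build_users_group_set() {
    [ -n "$(nixconf_get "$1" build-users-group)" ]
}

# 0 if the store directory itself is owned by root (multi-user mode).
store_owned_by_root() {
    [ -n "$(find "$1" -prune -user root -print 2>/dev/null)" ]
}

# Print one line per check; return 1 if any check fails.
builder_hardening_report() {
    conf=${1:-/etc/nix/nix.conf}
    store=${2:-/nix/store}
    rc=0
    if nixconf_sandbox_enabled "$conf"; then echo "ok   sandbox = true";
    else echo "FAIL sandbox is not enabled in $conf"; rc=1; fi
    if nixconf_build_users_group_set "$conf"; then
        echo "ok   build-users-group = $(nixconf_get "$conf" build-users-group)"
    else echo "FAIL build-users-group is not set in $conf"; rc=1; fi
    if store_owned_by_root "$store"; then echo "ok   $store is owned by root";
    else echo "FAIL $store is not owned by root"; rc=1; fi
    return $rc
}
```

Run as `builder_hardening_report` (or with a custom conf path and store path) on the builder; a non-zero exit means at least one of the three properties the post depends on is missing.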