diff --git a/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix b/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix
index 9f9b86ee61c..2f0b573e872 100644
--- a/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix
+++ b/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix
@@ -37,15 +37,22 @@ let
         description = ''
           Number of tasks to perform simultaneously.
 
-          A task is a single derivation build or an evaluation.
+          A task is a single derivation build, an evaluation or an effect run.
           At minimum, you need 2 concurrent tasks for <literal>x86_64-linux</literal>
           in your cluster, to allow for import from derivation.
 
           <literal>concurrentTasks</literal> can be around the CPU core count or lower if memory is
           the bottleneck.
+
+          The optimal value depends on the resource consumption characteristics of your workload,
+          including memory usage and in-task parallelism. This is typically determined empirically.
+
+          When scaling, it is generally better to have a double-size machine than two machines,
+          because each split of resources causes inefficiencies; particularly with regards
+          to build latency because of extra downloads.
         '';
-        type = types.int;
-        default = 4;
+        type = types.either types.ints.positive (types.enum [ "auto" ]);
+        default = "auto";
       };
       workDirectory = mkOption {
         description = ''
@@ -186,7 +193,18 @@ in
       # even shortly after the previous lookup. This *also* applies to the daemon.
       narinfo-cache-negative-ttl = 0
     '';
-    services.hercules-ci-agent.tomlFile =
-      format.generate "hercules-ci-agent.toml" cfg.settings;
+    services.hercules-ci-agent = {
+      tomlFile =
+        format.generate "hercules-ci-agent.toml" cfg.settings;
+
+      settings.labels = {
+        agent.source =
+          if options.services.hercules-ci-agent.package.highestPrio == (lib.modules.mkOptionDefault { }).priority
+          then "nixpkgs"
+          else lib.mkOptionDefault "override";
+        pkgs.version = pkgs.lib.version;
+        lib.version = lib.version;
+      };
+    };
   };
 }
diff --git a/nixos/modules/services/continuous-integration/hercules-ci-agent/default.nix b/nixos/modules/services/continuous-integration/hercules-ci-agent/default.nix
index e8a42e59de0..06c174e7d37 100644
--- a/nixos/modules/services/continuous-integration/hercules-ci-agent/default.nix
+++ b/nixos/modules/services/continuous-integration/hercules-ci-agent/default.nix
@@ -68,7 +68,23 @@ in
     # Trusted user allows simplified configuration and better performance
     # when operating in a cluster.
     nix.trustedUsers = [ config.systemd.services.hercules-ci-agent.serviceConfig.User ];
-    services.hercules-ci-agent.settings.nixUserIsTrusted = true;
+    services.hercules-ci-agent = {
+      settings = {
+        nixUserIsTrusted = true;
+        labels =
+          let
+            mkIfNotNull = x: mkIf (x != null) x;
+          in
+          {
+            nixos.configurationRevision = mkIfNotNull config.system.configurationRevision;
+            nixos.release = config.system.nixos.release;
+            nixos.label = mkIfNotNull config.system.nixos.label;
+            nixos.codeName = config.system.nixos.codeName;
+            nixos.tags = config.system.nixos.tags;
+            nixos.systemName = mkIfNotNull config.system.name;
+          };
+      };
+    };
 
     users.users.hercules-ci-agent = {
       home = cfg.settings.baseDirectory;
diff --git a/pkgs/development/tools/continuous-integration/hercules-ci-agent/default.nix b/pkgs/development/tools/continuous-integration/hercules-ci-agent/default.nix
index ccb8b4eba65..bc464c2024e 100644
--- a/pkgs/development/tools/continuous-integration/hercules-ci-agent/default.nix
+++ b/pkgs/development/tools/continuous-integration/hercules-ci-agent/default.nix
@@ -1,4 +1,4 @@
-{ gnutar, gzip, git, haskell, haskellPackages, lib, makeWrapper, runc, stdenv }:
+{ gnutar, gzip, git, haskell, haskellPackages, lib, makeWrapper, nixos, runc, stdenv }:
 let
   inherit (haskell.lib) overrideCabal addBuildDepends;
   inherit (lib) makeBinPath;
@@ -16,8 +16,16 @@ let
           makeWrapper $out/libexec/hercules-ci-agent $out/bin/hercules-ci-agent --prefix PATH : ${makeBinPath bundledBins}
         '';
       });
-in pkg // {
-    meta = pkg.meta // {
+in pkg.overrideAttrs (o: {
+    meta = o.meta // {
       position = toString ./default.nix + ":1";
     };
-  }
+    passthru = o.passthru // {
+      # Does not test the package, but evaluation of the related NixOS module.
+      tests.nixos-minimal-config = nixos {
+        boot.loader.grub.enable = false;
+        fileSystems."/".device = "bogus";
+        services.hercules-ci-agent.enable = true;
+      };
+    };
+  })