We've talked about this vaguely as being something like the signing server. We also talked about doing it on the signing servers themselves, but that's probably a bad idea for security reasons. We need to talk about this more in depth and figure out a plan.
Once we have a plan we'll need to file separate bugs for the build system bits we'll need (probably ends up being something like we have for MOZ_SIGN_CMD).
I've got 6 mac r5 minis in bug 859162 that cannot be used as testers and have different spec than builders.
We're just doing the whole thing on Linux in bug 921040.