diff --git a/hosts/lambdaos/configuration.nix b/hosts/lambdaos/configuration.nix
index 3860a8c..f697e36 100644
--- a/hosts/lambdaos/configuration.nix
+++ b/hosts/lambdaos/configuration.nix
@@ -52,7 +52,13 @@
 ];
 write = true;
 };
- nix.settings.trusted-users = [ "nix-ssh" ];
+ nix = {
+ settings = {
+ builders-use-substitutes = true;
+ trusted-users = [ "root" "remotebuilder" "@wheel" ];
+ };
+ };
+
 # Allow unfree packages
 nixpkgs.config = {
@@ -88,6 +94,16 @@
 hashedPassword = "$6$rounds=512400$Zip3xoK2zcoR4qEL$N13YTHO5tpWfx2nKb1sye.ZPwfoRtMQ5f3YrMZqKzzoFoSSHHJ.l5ulCEa9HygFxZmBtPnwlseFEtl8ERnwF50";
 openssh.authorizedKeys.keys = (import ../../common/ssh-keys.nix);
 };
+ remotebuilder = {
+ isNormalUser = true;
+ hashedPassword = "!";
+ description = "Remote nix builder";
+ openssh.authorizedKeys.keys =
+ [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRZXNqs7FgVeTCt2ElOARt5f/bR1gjk5bS+zCJA6C1P root@nuOS"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII7X17VovmxkwhKxIg795yO1Sf7dwO50pybMRlUDLLcA hydra@nuOS"
+ ];
+ };
 };
 home-manager = {
@@ -345,7 +361,6 @@
 # networking.firewall.enable = false;
-
 # This value determines the NixOS release from which the default
 # settings for stateful data, like file locations and database versions
 # on your system were taken. It‘s perfectly fine and recommended to leave
diff --git a/hosts/nuos/configuration.nix b/hosts/nuos/configuration.nix
index fe5c21a..5cb8a4e 100644
--- a/hosts/nuos/configuration.nix
+++ b/hosts/nuos/configuration.nix
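Review bot: The `trusted-users` list added in the lambdaos `nix.settings` block (hunk at -52) gives daemon trust to `remotebuilder` and to every member of `@wheel`, and the Nix manual describes trusted-users membership as essentially equivalent to root on the machine. Whoever holds either key authorized for `remotebuilder` can therefore import unsigned store paths and override substituters on lambdaos; the same list is added to the `nix` block in hosts/nuos/configuration.nix. If wheel members do not need to bypass sudo for this, consider `trusted-users = [ "root" "remotebuilder" ];`, and it may be possible to drop `remotebuilder` too if nuos signs the paths it sends with a key in `trusted-public-keys` (worth verifying for your Nix version). A comment such as `# remotebuilder is trusted so it can accept unsigned build inputs from nuos` would record why the entry is there.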
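Review bot: The two keys added under `remotebuilder.openssh.authorizedKeys.keys` (hunk at -88) carry no authorized_keys options, so each one grants an ordinary login with PTY and forwarding on an account that `isNormalUser = true` gives a home directory and default shell. The removed `nix.settings.trusted-users = [ "nix-ssh" ]` line suggests this host previously used a dedicated store-serving user (its definition is outside the hunk), so the change widens what a stolen `root@nuOS` or `hydra@nuOS` key can do here. Prefixing each entry with the OpenSSH `restrict` option, e.g. `"restrict ssh-ed25519 <key> hydra@nuOS"`, should keep non-interactive builds working while removing PTY and forwarding; test a build after the change. The identical block is added to hosts/nuos/configuration.nix, and moving it into a shared module next to `../../common/ssh-keys.nix` would stop the two copies drifting apart.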
@@ -43,6 +43,16 @@
 hashedPassword = "$6$rounds=512400$g/s4dcRttXi4ux6c$Z6pKnhJXcWxv0TBSMtvJu5.piETdUBSgBVN7oDPKiQV.lbTYz1r.0XQLwMYxzcvaaX0DL6Iw/SEUTiC2M50wC/";
 openssh.authorizedKeys.keys = import ../../common/ssh-keys.nix;
 };
+ remotebuilder = {
+ isNormalUser = true;
+ hashedPassword = "!";
+ description = "Remote nix builder";
+ openssh.authorizedKeys.keys =
+ [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRZXNqs7FgVeTCt2ElOARt5f/bR1gjk5bS+zCJA6C1P root@nuOS"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII7X17VovmxkwhKxIg795yO1Sf7dwO50pybMRlUDLLcA hydra@nuOS"
+ ];
+ };
 };
 # Allow unfree packages
@@ -89,9 +99,29 @@
 };
 nix = {
- buildMachines = [ ];
- distributedBuilds = false;
- settings.builders-use-substitutes = true;
+ buildMachines = [
+ {
+ hostName = "localhost";
+ protocol = null;
+ system = "x86_64-linux";
+ supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
+ maxJobs = 4;
+ sshUser = "remotebuilder";
+ }
+ {
+ hostName = "lambdaos";
+ protocol = "ssh";
+ system = "x86_64-linux";
+ supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
+ maxJobs = 8;
+ sshUser = "remotebuilder";
+ }
+ ];
+ distributedBuilds = true;
+ settings = {
+ builders-use-substitutes = true;
+ trusted-users = [ "root" "remotebuilder" "@wheel" ];
+ };
 };
 systemd.services."update-from-flake" = {
@@ -146,16 +176,16 @@
 };
 services = {
- # hydra = {
- # enable = true;
- # hydraURL = "https://hydra.itepastra.nl";
- # port = 9212;
- # notificationSender = "hydra@localhost";
- # useSubstitutes = true;
- # # listenHost = "localhost";
- # minimumDiskFree = 100;
- # minimumDiskFreeEvaluator = 100;
- # };
+ hydra = {
+ enable = true;
+ hydraURL = "https://hydra.itepastra.nl";
+ port = 9212;
+ notificationSender = "hydra@localhost";
+ useSubstitutes = true;
+ # listenHost = "localhost";
+ minimumDiskFree = 100;
+ minimumDiskFreeEvaluator = 100;
+ };
 nix-serve = {
 enable = true;
 package = pkgs.nix-serve-ng;
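Review bot: On nuos the new `remotebuilder` user (hunk at -43) authorizes nuos's own `root@nuOS` and `hydra@nuOS` keys, yet the only `buildMachines` entry in this file that points back at this host uses `hostName = "localhost"` with `protocol = null`, which as far as I can tell builds locally without SSH. If nothing else connects to nuos as `remotebuilder`, this user and its entry in `trusted-users` are an unused, SSH-reachable, daemon-trusted account and could be left out of this host. If the account is intentional, a one-line comment above `remotebuilder = {` naming the machine that logs in with these keys would make that clear to the next reader.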
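Review bot: The `lambdaos` entry in `buildMachines` (hunk at -89) sets `protocol = "ssh"` and `sshUser` but neither `publicHostKey` nor `sshKey`, so the builder's identity rests on whatever is in the connecting user's known_hosts rather than on this configuration. Build outputs from that host are accepted into the local store, so pinning it declaratively is worth two lines: `publicHostKey = "<base64 of the lambdaos SSH host public key>";` and `sshKey = "<path to the private key used for remotebuilder>";`. With `distributedBuilds = true` and Hydra enabled in the same commit, it would also help to note in a comment which local user (root or the Hydra queue runner) is expected to open the connection.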
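Review bot: Enabling `services.hydra` (hunk at -146) while `# listenHost = "localhost";` stays commented leaves Hydra on the module's default listen address, which is all interfaces, so port 9212 is served over plain HTTP in addition to the `https://hydra.itepastra.nl` front end. If a reverse proxy on this host terminates TLS (not visible in this hunk), uncommenting the line as `listenHost = "localhost";` keeps the plain-HTTP port off the network; otherwise confirm the firewall does not open 9212. The `services` block continues outside the hunk.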