diff --git a/modules/nixos/base/builder.nix b/modules/nixos/base/builder.nix deleted file mode 100644 index d37d94c..0000000 --- a/modules/nixos/base/builder.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ - keys, - config, - ... -}: let - inherit (config.ooknet.host) admin; -in { - users = { - groups.builder = {}; - users.builder = (key: ''command="nix-daemon --stdio",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ${key}'') keys.users.${admin.name}; - }; -} diff --git a/modules/nixos/base/default.nix b/modules/nixos/base/default.nix index b039af3..018ada6 100644 --- a/modules/nixos/base/default.nix +++ b/modules/nixos/base/default.nix @@ -1,6 +1,7 @@ { imports = [ ./nix.nix + ./distributed-builds.nix ./home-manager.nix ./boot.nix ./admin.nix diff --git a/modules/nixos/base/distributed-builds.nix b/modules/nixos/base/distributed-builds.nix new file mode 100644 index 0000000..aa9daac --- /dev/null +++ b/modules/nixos/base/distributed-builds.nix 
@@ -0,0 +1,59 @@ +{ + keys, + config, + lib, + self, + ... +}: let + inherit (lib) mkIf; + inherit (config.ooknet.host) admin; + inherit (config.networking) hostName; + + mkBuilderMachine = { + host, + speedFactor, + systems ? ["x86_64-linux"], + supportedFeatures ? ["big-parallel" "kvm" "nixos-test"], + }: { + inherit speedFactor systems supportedFeatures; + hostName = host; + maxJobs = self.nixosConfigurations.${host}.config.nix.settings.max-jobs or "auto"; + protocol = "ssh"; + sshKey = "/home/${admin.name}/.ssh/builder"; + }; + + builders = { + ooksdesk = mkBuilderMachine { + host = "ooksdesk"; + speedFactor = 16; + }; + ooksmedia = mkBuilderMachine { + host = "ooksmedia"; + speedFactor = 8; + }; + }; +in { + users = mkIf (hostName == "ooksdesk" || hostName == "ooksmedia") { + groups.builder = {}; + users.builder = { + createHome = false; + isSystemUser = true; + useDefaultShell = true; + group = "builder"; + openssh.authorizedKeys.keys = [ + '' + command="nix-daemon --stdio",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ${keys.users.${admin.name}} + '' + ]; + }; + }; + nix = { + distributedBuilds = true; + buildMachines = + if hostName == "ooksdesk" + then [] + else if hostName == "ooksmedia" + then [builders.ooksdesk] + else [builders.ooksdesk builders.ooksmedia]; + }; +} diff --git a/modules/nixos/base/nix.nix b/modules/nixos/base/nix.nix index 1ea9590..d79ed4e 100644 --- a/modules/nixos/base/nix.nix +++ b/modules/nixos/base/nix.nix @@ -44,8 +44,9 @@ in { settings = { trusted-users = ["@wheel" "root" "builder"]; experimental-features = ["nix-command" "flakes"]; - accept-flake-config = true; + accept-flake-config = false; auto-optimise-store = true; + warn-dirty = false; # cache substituters = [ "https://cache.nixos.org?priority=10" 
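Review bot: `mkBuilderMachine` sets `sshKey` but neither `sshUser` nor `publicHostKey`, so nothing in this file ties the client side to the restricted `builder` account or pins the builders' host keys. Unless an SSH config outside this diff supplies the user, the connection is made as whatever user ssh defaults to (presumably root, since the Nix daemon opens it), and the forced `nix-daemon --stdio` command on `builder` never applies; I would add `sshUser = "builder";` and `publicHostKey = "<base64 host key of the builder>";` to the returned attrset. The authorised key is `keys.users.${admin.name}` while the client reads `/home/${admin.name}/.ssh/builder`; if that is the same key pair as the admin's login key, a dedicated build-only key would keep the two credentials separate, which is worth confirming. Separately, `maxJobs` falls back to `"auto"`, which I believe `nix.buildMachines.*.maxJobs` (an integer option) will reject.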
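Review bot: `trusted-users` still lists `"builder"` in the context line just above the `accept-flake-config` change, and this commit is what turns that name into a real SSH-reachable account. A trusted Nix user can do things that amount to root on the machine, so whoever holds the key accepted for `builder` has that level of access on ooksdesk and ooksmedia even with the forced command in place. This file appears to be the base module, so the entry would also apply on hosts where no `builder` user is created; I would scope it with the same host condition used in distributed-builds.nix, or at least add a comment such as `# builder is trusted so remote builds can import unsigned paths; treat its SSH key as root-equivalent`. The `settings` block starts and ends outside this hunk.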
@@ -57,7 +58,6 @@ in { "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "neovim-flake.cachix.org-1:iyQ6lHFhnB5UkVpxhQqLJbneWBTzM8LBYOFPLNH4qZw=" ]; - # TODO: setup builders -- builders-use-substitutes = true; }; }; nixpkgs = {