diff --git a/configuration/common/programs.nix b/configuration/common/programs.nix
index afb6e4f..b37a656 100644
--- a/configuration/common/programs.nix
+++ b/configuration/common/programs.nix
@@ -7,6 +7,7 @@
     htop
     parted
     tmux
+    bij
     colmena
     vim
     agenix
diff --git a/flake.lock b/flake.lock
index 5672aa4..63d1fe7 100644
--- a/flake.lock
+++ b/flake.lock
@@ -21,6 +21,26 @@
         "type": "github"
       }
     },
+    "bij": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1712512137,
+        "narHash": "sha256-crxzFc3lc/ViHYVK+IKmIbifxF6zyHgSwhBKd0lLgWE=",
+        "ref": "refs/heads/main",
+        "rev": "221052d8465f0a4437cb8cae3cc9998c87e88f68",
+        "revCount": 2,
+        "type": "git",
+        "url": "https://git.clerie.de/clerie/bij.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.clerie.de/clerie/bij.git"
+      }
+    },
     "chaosevents": {
       "inputs": {
         "nixpkgs": [
@@ -229,6 +249,7 @@
     "root": {
       "inputs": {
         "agenix": "agenix",
+        "bij": "bij",
         "chaosevents": "chaosevents",
         "fernglas": "fernglas",
         "fieldpoc": "fieldpoc",
diff --git a/flake.nix b/flake.nix
index ac69e14..aa59880 100644
--- a/flake.nix
+++ b/flake.nix
@@ -7,6 +7,10 @@
       url = "github:ryantm/agenix";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    bij = {
+      url = "git+https://git.clerie.de/clerie/bij.git";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
     chaosevents = {
       url = "git+https://git.clerie.de/clerie/chaosevents.git";
       inputs.nixpkgs.follows = "nixpkgs";
diff --git a/hosts/hydra-1/configuration.nix b/hosts/hydra-1/configuration.nix
index 7bd2095..06309ea 100644
--- a/hosts/hydra-1/configuration.nix
+++ b/hosts/hydra-1/configuration.nix
@@ -26,7 +26,7 @@
   networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ];
 
   nix = {
-    settings.allowed-uris = "http: https: github:";
+    settings.allowed-uris = "http: https: git+https: github:";
     distributedBuilds = true;
     buildMachines = [
       {
diff --git a/hosts/hydra-2/configuration.nix b/hosts/hydra-2/configuration.nix
index 8dc1418..e738724 100644
--- a/hosts/hydra-2/configuration.nix
+++ b/hosts/hydra-2/configuration.nix
@@ -26,7 +26,7 @@
   networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ];
 
   # Allow Hydra to fetch remote URLs in restricted mode
-  nix.settings.allowed-uris = "http: https: github:";
+  nix.settings.allowed-uris = "http: https: git+https: github:";
 
   services.openssh.settings= {
    PermitRootLogin = "yes";
diff --git a/lib/flake-helper.nix b/lib/flake-helper.nix
index 62e549a..1f28cdb 100644
--- a/lib/flake-helper.nix
+++ b/lib/flake-helper.nix
@@ -1,4 +1,4 @@
-{ self, nixpkgs, agenix, chaosevents, fernglas, fieldpoc, nixos-exporter, solid-xmpp-alarm, ... }@inputs:
+{ self, nixpkgs, agenix, bij, chaosevents, fernglas, fieldpoc, nixos-exporter, solid-xmpp-alarm, ... }@inputs:
 
 rec {
   generateNixosSystem = {
@@ -30,6 +30,8 @@ rec {
           (_: _: {
             inherit (agenix.packages."x86_64-linux")
               agenix;
+            inherit (bij.packages."${system}")
+              bij;
             inherit (chaosevents.packages."x86_64-linux")
               chaosevents;
            })
@@ -57,7 +59,7 @@ rec {
 
   generateColmenaHost = name: hostSystem: {
     deployment = {
-      targetHost = "${name}.net.clerie.de";
+      targetHost = hostSystem.config.networking.fqdn;
       targetUser = null;
       tags = let
         group = nixpkgs.lib.attrByPath [ "clerie" "monitoring" "serviceLevel" ] null hostSystem.config;