diff --git a/configuration/hydra-build-machine/default.nix b/configuration/hydra-build-machine/default.nix
new file mode 100644
index 0000000..b27bef5
--- /dev/null
+++ b/configuration/hydra-build-machine/default.nix
@@ -0,0 +1,16 @@
+{ ... }:
+
+{
+
+  # Allow Hydra to fetch remote URLs in restricted mode
+  nix.settings.allowed-uris = "http: https: git+https: github:";
+
+  services.openssh.settings= {
+   PermitRootLogin = "yes";
+  };
+
+  users.extraUsers.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMv8Lbca/CR4das3HJ2F/sQ9dA7kdGS1hSVTt5lX4diP root@hydra-1"
+  ];
+
+}
diff --git a/hosts/hydra-1/configuration.nix b/hosts/hydra-1/configuration.nix
index 2619065..43298de 100644
--- a/hosts/hydra-1/configuration.nix
+++ b/hosts/hydra-1/configuration.nix
@@ -5,6 +5,7 @@
     [
       ./hardware-configuration.nix
       ../../configuration/proxmox-vm
+      ../../configuration/hydra-build-machine
     ];
 
   boot.loader.grub.enable = true;
@@ -26,7 +27,6 @@
   networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ];
 
   nix = {
-    settings.allowed-uris = "http: https: git+https: github:";
     distributedBuilds = true;
     buildMachines = [
       {
@@ -57,14 +57,6 @@
   programs.ssh.knownHosts."hydra-1.net.clerie.de".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE2xQBCsFBCwL9n4OP/bPngtNO1fy9kPw13Z/NDoba16 root@hydra-1";
   programs.ssh.knownHosts."hydra-2.net.clerie.de".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZED9QM+qe7sB6R6atvP6WNaI2sC2nh7TTsD6kgRpnr root@hydra-2";
 
-  services.openssh.settings = {
-    PermitRootLogin = "yes";
-  };
-
-  users.extraUsers.root.openssh.authorizedKeys.keys = [
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMv8Lbca/CR4das3HJ2F/sQ9dA7kdGS1hSVTt5lX4diP root@hydra-1"
-  ];
-
   services.hydra = {
     enable = true;
     port = 3001;
diff --git a/hosts/hydra-2/configuration.nix b/hosts/hydra-2/configuration.nix
index e738724..418600b 100644
--- a/hosts/hydra-2/configuration.nix
+++ b/hosts/hydra-2/configuration.nix
@@ -5,6 +5,7 @@
     [
       ./hardware-configuration.nix
       ../../configuration/proxmox-vm
+      ../../configuration/hydra-build-machine
     ];
 
   boot.loader.grub.enable = true;
@@ -25,17 +26,6 @@
   networking.defaultGateway = { address = "141.24.50.1"; interface = "ens18"; };
   networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ];
 
-  # Allow Hydra to fetch remote URLs in restricted mode
-  nix.settings.allowed-uris = "http: https: git+https: github:";
-
-  services.openssh.settings= {
-   PermitRootLogin = "yes";
-  };
-
-  users.extraUsers.root.openssh.authorizedKeys.keys = [
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMv8Lbca/CR4das3HJ2F/sQ9dA7kdGS1hSVTt5lX4diP root@hydra-1"
-  ];
-
   clerie.monitoring = {
     enable = true;
     id = "211";