diff --git a/configuration/hydra-build-machine/default.nix b/configuration/hydra-build-machine/default.nix
new file mode 100644
index 0000000..b27bef5
--- /dev/null
+++ b/configuration/hydra-build-machine/default.nix
@@ -0,0 +1,16 @@
+{ ... }:
+
+{
+
+  # Allow Hydra to fetch remote URLs in restricted mode
+  nix.settings.allowed-uris = "http: https: git+https: github:";
+
+  services.openssh.settings= {
+   PermitRootLogin = "yes";
+  };
+
+  users.extraUsers.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMv8Lbca/CR4das3HJ2F/sQ9dA7kdGS1hSVTt5lX4diP root@hydra-1"
+  ];
+
+}
diff --git a/flake.lock b/flake.lock
index bcb95f2..77b5df6 100644
--- a/flake.lock
+++ b/flake.lock
@@ -283,11 +283,11 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1713537308,
-        "narHash": "sha256-XtTSSIB2DA6tOv+l0FhvfDMiyCmhoRbNB+0SeInZkbk=",
+        "lastModified": 1713714899,
+        "narHash": "sha256-+z/XjO3QJs5rLE5UOf015gdVauVRQd2vZtsFkaXBq2Y=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "5c24cf2f0a12ad855f444c30b2421d044120c66f",
+        "rev": "6143fc5eeb9c4f00163267708e26191d1e918932",
         "type": "github"
       },
       "original": {
diff --git a/hosts/hydra-1/build-machines.nix b/hosts/hydra-1/build-machines.nix
new file mode 100644
index 0000000..36c001e
--- /dev/null
+++ b/hosts/hydra-1/build-machines.nix
@@ -0,0 +1,36 @@
+{ ... }:
+
+{
+
+  nix = {
+    distributedBuilds = true;
+    buildMachines = [
+      {
+        hostName = "hydra-1.net.clerie.de";
+        sshUser = "root";
+        systems = [
+          "x86_64-linux"
+          "armv6l-linux"
+          "armv7l-linux"
+          "aarch64-linux"
+        ];
+        sshKey = "/var/lib/hydra/id_ed25519";
+      }
+      {
+        hostName = "hydra-2.net.clerie.de";
+        sshUser = "root";
+        systems = [
+          "x86_64-linux"
+          "armv6l-linux"
+          "armv7l-linux"
+          "aarch64-linux"
+        ];
+        sshKey = "/var/lib/hydra/id_ed25519";
+      }
+    ];
+  };
+
+  programs.ssh.knownHosts."hydra-1.net.clerie.de".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE2xQBCsFBCwL9n4OP/bPngtNO1fy9kPw13Z/NDoba16 root@hydra-1";
+  programs.ssh.knownHosts."hydra-2.net.clerie.de".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZED9QM+qe7sB6R6atvP6WNaI2sC2nh7TTsD6kgRpnr root@hydra-2";
+
+}
diff --git a/hosts/hydra-1/configuration.nix b/hosts/hydra-1/configuration.nix
index 8179409..bc31992 100644
--- a/hosts/hydra-1/configuration.nix
+++ b/hosts/hydra-1/configuration.nix
@@ -5,6 +5,11 @@
     [
       ./hardware-configuration.nix
       ../../configuration/proxmox-vm
+      ../../configuration/hydra-build-machine
+
+      ./build-machines.nix
+      ./hydra.nix
+      ./nix-cache.nix
     ];
 
   boot.loader.grub.enable = true;
@@ -25,94 +30,7 @@
   networking.defaultGateway = { address = "192.168.10.1"; interface = "ens19"; };
   networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ];
 
-  nix = {
-    settings.allowed-uris = "http: https: git+https: github:";
-    distributedBuilds = true;
-    buildMachines = [
-      {
-        hostName = "localhost";
-        systems = [
-          "x86_64-linux"
-          "armv6l-linux"
-          "armv7l-linux"
-          "aarch64-linux"
-        ];
-      }
-      {
-        hostName = "hydra-2.net.clerie.de";
-        sshUser = "root";
-        systems = [
-          "x86_64-linux"
-          "armv6l-linux"
-          "armv7l-linux"
-          "aarch64-linux"
-        ];
-        sshKey = "/var/lib/hydra/id_ed25519";
-        publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSURaRUQ5UU0rcWU3c0I2UjZhdHZQNldOYUkyc0Mybmg3VFRzRDZrZ1JwbnIgcm9vdEBoeWRyYS0yCg==";
-      }
-    ];
-  };
-
-  programs.ssh.knownHosts."hydra-1.net.clerie.de".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE2xQBCsFBCwL9n4OP/bPngtNO1fy9kPw13Z/NDoba16 root@hydra-1";
-  programs.ssh.knownHosts."hydra-2.net.clerie.de".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZED9QM+qe7sB6R6atvP6WNaI2sC2nh7TTsD6kgRpnr root@hydra-2";
-
-  services.openssh.settings = {
-    PermitRootLogin = "yes";
-  };
-
-  users.extraUsers.root.openssh.authorizedKeys.keys = [
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMv8Lbca/CR4das3HJ2F/sQ9dA7kdGS1hSVTt5lX4diP root@hydra-1"
-  ];
-
-  services.hydra = {
-    enable = true;
-    port = 3001;
-    hydraURL = "https://hydra.clerie.de";
-    listenHost = "localhost";
-    notificationSender = "noreply@hydra.clerie.de";
-    useSubstitutes = true;
-    extraConfig = ''
-      binary_cache_public_uri = https://nix-cache.clerie.de
-    '';
-  };
-
-  services.harmonia = {
-    enable = true;
-    settings.bind = "[::1]:5005";
-    signKeyPath = config.sops.secrets.nix-cache-key.path;
-  };
-
   services.nginx.enable = true;
-  services.nginx.virtualHosts = {
-    "hydra.clerie.de" = {
-      enableACME = true;
-      forceSSL = true;
-      locations = {
-        "/" = {
-          proxyPass = "http://localhost:3001";
-        };
-      };
-    };
-    "nix-cache.clerie.de" = {
-      enableACME = true;
-      forceSSL = true;
-      locations."= /" = {
-        return = ''200 'Nix Cache by clerie\n\nPublic key:\n\n  nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g=\n\nNixOS Configuration:\n\n  nix.settings = {\n    substituters = [\n      "https://nix-cache.clerie.de"\n    ];\n    trusted-public-keys = [\n      "nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g="\n    ];\n  }\n\nTry:\n\n  nix build --substituters "https://nix-cache.clerie.de" \\\n  --trusted-public-keys "nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g=" \\\n  "git+https://git.clerie.de/clerie/fieldpoc.git#fieldpoc"\n\n.-*..*-.' '';
-        extraConfig = ''
-          types { } default_type "text/plain; charset=utf-8";
-        '';
-      };
-      locations."/" = {
-        proxyPass = "http://[::1]:5005";
-        extraConfig = ''
-          proxy_redirect http:// https://;
-          proxy_http_version 1.1;
-          proxy_set_header Upgrade $http_upgrade;
-          proxy_set_header Connection $connection_upgrade;
-        '';
-      };
-    };
-  };
 
   networking.firewall.allowedTCPPorts = [ 80 443 ];
 
diff --git a/hosts/hydra-1/hydra.nix b/hosts/hydra-1/hydra.nix
new file mode 100644
index 0000000..1ab8fee
--- /dev/null
+++ b/hosts/hydra-1/hydra.nix
@@ -0,0 +1,28 @@
+{ ... }:
+
+{
+  services.hydra = {
+    enable = true;
+    port = 3001;
+    hydraURL = "https://hydra.clerie.de";
+    listenHost = "localhost";
+    notificationSender = "noreply@hydra.clerie.de";
+    useSubstitutes = true;
+    extraConfig = ''
+      binary_cache_public_uri = https://nix-cache.clerie.de
+    '';
+  };
+
+  services.nginx.virtualHosts = {
+    "hydra.clerie.de" = {
+      enableACME = true;
+      forceSSL = true;
+      locations = {
+        "/" = {
+          proxyPass = "http://localhost:3001";
+        };
+      };
+    };
+  };
+
+}
diff --git a/hosts/hydra-1/nix-cache.nix b/hosts/hydra-1/nix-cache.nix
new file mode 100644
index 0000000..fbfc206
--- /dev/null
+++ b/hosts/hydra-1/nix-cache.nix
@@ -0,0 +1,33 @@
+{ config, pkgs, ... }:
+
+{
+
+  services.harmonia = {
+    enable = true;
+    settings.bind = "[::1]:5005";
+    signKeyPath = config.sops.secrets.nix-cache-key.path;
+  };
+
+  services.nginx.virtualHosts = {
+    "nix-cache.clerie.de" = {
+      enableACME = true;
+      forceSSL = true;
+      locations."= /" = {
+        return = ''200 'Nix Cache by clerie\n\nPublic key:\n\n  nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g=\n\nNixOS Configuration:\n\n  nix.settings = {\n    substituters = [\n      "https://nix-cache.clerie.de"\n    ];\n    trusted-public-keys = [\n      "nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g="\n    ];\n  }\n\nTry:\n\n  nix build --substituters "https://nix-cache.clerie.de" \\\n  --trusted-public-keys "nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g=" \\\n  "git+https://git.clerie.de/clerie/fieldpoc.git#fieldpoc"\n\n.-*..*-.' '';
+        extraConfig = ''
+          types { } default_type "text/plain; charset=utf-8";
+        '';
+      };
+      locations."/" = {
+        proxyPass = "http://[::1]:5005";
+        extraConfig = ''
+          proxy_redirect http:// https://;
+          proxy_http_version 1.1;
+          proxy_set_header Upgrade $http_upgrade;
+          proxy_set_header Connection $connection_upgrade;
+        '';
+      };
+    };
+  };
+
+}
diff --git a/hosts/hydra-2/configuration.nix b/hosts/hydra-2/configuration.nix
index e738724..418600b 100644
--- a/hosts/hydra-2/configuration.nix
+++ b/hosts/hydra-2/configuration.nix
@@ -5,6 +5,7 @@
     [
       ./hardware-configuration.nix
       ../../configuration/proxmox-vm
+      ../../configuration/hydra-build-machine
     ];
 
   boot.loader.grub.enable = true;
@@ -25,17 +26,6 @@
   networking.defaultGateway = { address = "141.24.50.1"; interface = "ens18"; };
   networking.nameservers = [ "2001:638:904:ffcc::3" "2001:638:904:ffcc::4" "141.24.40.3" "141.24.40.4" ];
 
-  # Allow Hydra to fetch remote URLs in restricted mode
-  nix.settings.allowed-uris = "http: https: git+https: github:";
-
-  services.openssh.settings= {
-   PermitRootLogin = "yes";
-  };
-
-  users.extraUsers.root.openssh.authorizedKeys.keys = [
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMv8Lbca/CR4das3HJ2F/sQ9dA7kdGS1hSVTt5lX4diP root@hydra-1"
-  ];
-
   clerie.monitoring = {
     enable = true;
     id = "211";