diff --git a/system-config/configuration/homebox/default.nix b/system-config/configuration/homebox/default.nix
index 95fffb4..68b6796 100644
--- a/system-config/configuration/homebox/default.nix
+++ b/system-config/configuration/homebox/default.nix
@@ -25,25 +25,6 @@
             binfmt.emulatedSystems = lib.mkIf config.sysconfig.remoteBuildHost [ "aarch64-linux" ];
         };
 
-        nix.settings.trusted-users = lib.mkIf config.sysconfig.remoteBuildHost [ "remote-builder" ];
-
-        users.users."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost {
-            isNormalUser = true;
-            createHome = false;
-        };
-
-        sops.templates."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost {
-            content = builtins.concatStringsSep ''''\n'' (builtins.map 
-                    (y: config.sops.placeholder.${y}) 
-                    (builtins.partition 
-                     (x: (builtins.match "^remoteBuildClientKeys/.+" x) != null) 
-                     (builtins.attrNames config.sops.secrets)
-                    ).right
-                    );
-            path = "/etc/ssh/authorized_keys.d/remote-builder";
-            owner = "remote-builder";
-        };
-
         hardware = {
 
             graphics.enable = true;
diff --git a/system-config/default.nix b/system-config/default.nix
index a01d961..0e83b32 100644
--- a/system-config/default.nix
+++ b/system-config/default.nix
@@ -69,6 +69,7 @@
             settings = {
                 experimental-features = [ "nix-command" "flakes" ];
                 builders-use-substitutes = lib.mkIf config.sysconfig.remoteBuildClient true;
+                trusted-users = lib.mkIf config.sysconfig.remoteBuildHost [ "remote-builder" ];
             };
 
             distributedBuilds = config.sysconfig.remoteBuildClient;
@@ -88,6 +89,23 @@
             ];
         };
 
+        users.users."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost {
+            isNormalUser = true;
+            createHome = false;
+        };
+
+        sops.templates."remote-builder" = lib.mkIf config.sysconfig.remoteBuildHost {
+            content = builtins.concatStringsSep ''''\n'' (builtins.map 
+                    (y: config.sops.placeholder.${y}) 
+                    (builtins.partition 
+                     (x: (builtins.match "^remoteBuildClientKeys/.+" x) != null) 
+                     (builtins.attrNames config.sops.secrets)
+                    ).right
+                    );
+            path = "/etc/ssh/authorized_keys.d/remote-builder";
+            owner = "remote-builder";
+        };
+
         time.timeZone = lib.mkDefault "America/Chicago";
 
         i18n = lib.mkDefault {