diff --git a/hosts/youko/default.nix b/hosts/youko/default.nix
index 3a2fe49..992cca2 100644
--- a/hosts/youko/default.nix
+++ b/hosts/youko/default.nix
@@ -1,3 +1,17 @@
+{ config, lib, ... }:
+let
+  builderUsers = lib.pipe config.assets.sshKeys.system [
+    (lib.filterAttrs (
+      name: _:
+      !lib.elem name [
+        "youko"
+        "kazuki"
+        "ude"
+      ]
+    ))
+    lib.attrValues
+  ];
+in
 {
   configurations.nixos.youko = {
@@ -31,6 +45,11 @@
     settei.desktop.enable = true;
   };
+  settei.remote-builder = {
+    enable = true;
+    sshKeys = builderUsers;
+  };
+
   services.udisks2.enable = true;
   settei.incus.enable = true;
   virtualisation.podman.enable = true;
diff --git a/modules/system/builder.nix b/modules/system/builder.nix
new file mode 100644
index 0000000..eaf25d4
--- /dev/null
+++ b/modules/system/builder.nix
@@ -0,0 +1,44 @@
+{ isLinux }:
+{ lib, pkgs, ... }:
+let
+  cfg = config.settei.remote-builder;
+
+  sharedConfig = {
+    users.users.${cfg.user} = {
+      shell = pkgs.bash;
+      openssh.authorizedKeys.keys = cfg.sshKeys;
+    };
+
+    nix.settings.trusted-users = [ cfg.user ];
+  };
+
+  linuxConfig = lib.optionalAttrs isLinux {
+    users.users.${cfg.user} = {
+      isSystemUser = true;
+      group = cfg.user;
+    };
+    users.groups.${cfg.user} = { };
+  };
+
+  config = lib.mkMerge [
+    sharedConfig
+    linuxConfig
+  ];
+in
+{
+  _file = ./builder.nix;
+
+  options.settei.remote-builder = {
+    enable = lib.mkEnableOption "configuring this machine as a remote builder";
+    user = lib.mkOption {
+      type = lib.types.str;
+      default = "nixremote";
+    };
+    sshKeys = lib.mkOption {
+      type = lib.types.listOf lib.types.singleLineStr;
+      default = [ ];
+    };
+  };
+
+  config = lib.mkIf cfg.enable config;
+}
diff --git a/modules/system/default.nix b/modules/system/default.nix
index 4b82bd1..1c7fe71 100644
--- a/modules/system/default.nix
+++ b/modules/system/default.nix
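Review bot: `builderUsers` at the top of the hunk selects keys by exclusion — every entry of `config.assets.sshKeys.system` except `youko`, `kazuki` and `ude` is handed to the builder module — so any host key added to that attribute set later is granted SSH access on youko without anyone touching this file. An explicit allow-list of the intended hosts is the safer shape, e.g. `builderUsers = lib.attrValues (lib.getAttrs [ "<builder-client-host>" ] config.assets.sshKeys.system);` with the placeholder replaced by the real names. The binding also holds key strings rather than users, so `builderKeys` would describe it better; the module's `listOf singleLineStr` type presumably requires each value of that set to be a single key string, which cannot be confirmed from this hunk.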
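Review bot: `cfg = config.settei.remote-builder;` at the top of the `let` block does not see the module's option values, because `config` is not a module argument (`{ lib, pkgs, ... }:`) and the same name is bound later in that `let` to `lib.mkMerge [ sharedConfig linuxConfig ]`, on which `.settei` does not exist, so evaluation fails as soon as the module is imported. Add `config` to the arguments and rename the local: `{ config, lib, pkgs, ... }:`, `builderConfig = lib.mkMerge [ sharedConfig linuxConfig ];`, `config = lib.mkIf cfg.enable builderConfig;`. On the security side, `nix.settings.trusted-users = [ cfg.user ]` makes every holder of a listed key a trusted Nix user, i.e. root-equivalent control of the store on this host, and `shell = pkgs.bash` gives the account a full interactive shell; a comment on the `sshKeys` option such as `# keys listed here get trusted-user (root-equivalent) access to this host's Nix store` makes that explicit, and limiting the keys to the build command with an authorized_keys `command=`/`restrict` prefix is worth considering. Both `mkOption`s also lack a `description`.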
@@ -26,6 +26,7 @@
     (import ./github-runner.nix { inherit isLinux; })
     (import ./incus.nix { inherit isLinux; })
     (import ./monitoring.nix { inherit isLinux; })
+    (import ./builder.nix { inherit isLinux; })
   ];
   options.settei = with lib; {