diff --git a/firestar/builder.nix b/firestar/builder.nix
new file mode 100644
index 0000000..9586e16
--- /dev/null
+++ b/firestar/builder.nix
@@ -0,0 +1,17 @@
+{
+  users = {
+    groups.builder = {};
+    users.builder = {
+      description = "NixOS Builder user";
+      group = "builder";
+      isNormalUser = true;
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIvRmuGz5yFAmIRhAOMvbB322aUXaK8Wuc1yqI84fuvM asonix@firestar"
+      ];
+    };
+  };
+
+  nix.extraOptions = ''
+  trusted-users = root builder
+  '';
+}
diff --git a/firestar/default.nix b/firestar/default.nix
index b8fab95..880b494 100644
--- a/firestar/default.nix
+++ b/firestar/default.nix
@@ -11,6 +11,7 @@
       ./btrbk.nix
       ./hardware-configuration.nix
       ./wireguard.nix
+      ./builder.nix
     ];
 
   # Nix cache