diff --git a/profiles/remote-builders.nix b/profiles/remote-builders.nix
index 4b1a0d2..e36089b 100644
--- a/profiles/remote-builders.nix
+++ b/profiles/remote-builders.nix
@@ -57,8 +57,13 @@ let
       '';
 
       sops.secrets = lib.mkIf (lib.hasPrefix "/run/secrets/" (thatHost.ssh.userPrivateKey or "")) {
-        "${lib.removePrefix "/run/secrets/" thatHost.ssh.userPrivateKey}" = {};
+        "${lib.removePrefix "/run/secrets/" thatHost.ssh.userPrivateKey}" = {
+          mode = "0440";
+          group = "nix-community-builder";
+        };
       };
+      users.groups.nix-community-builder = {};
+
     })
     # in
     (mkIf ((thisHostIsBuilder || thisHostIsHopHost) && thatHostIsConsumer) {
diff --git a/users/pbsds/default.nix b/users/pbsds/default.nix
index 0c458c5..9dfd2e3 100644
--- a/users/pbsds/default.nix
+++ b/users/pbsds/default.nix
@@ -42,6 +42,7 @@
     extraGroups = [
       "pbsds"
       "users" # backward compat
+      "nix-community-builder"
       "networkmanager"
       "audio"
       "sound"
diff --git a/users/pbsds/home/profiles/ssh.nix b/users/pbsds/home/profiles/ssh.nix
index a440189..d5773cc 100644
--- a/users/pbsds/home/profiles/ssh.nix
+++ b/users/pbsds/home/profiles/ssh.nix
@@ -41,7 +41,7 @@
     "rocm.pbsds.net".proxyJump = "isvegg.pvv.ntnu.no";
 
     # nix-community
-    /* "darwin-build-box.nix-community.org" = {}; */
+    "darwin-build-box.nix-community.org" = {};
 
     # ntnu
     "garmr.idi.ntnu.no".forwardX11 = true;