diff --git a/ops/nixos/cofractal-ams01/default.nix b/ops/nixos/cofractal-ams01/default.nix
index d6fb22bb01..8b7ec6d5ea 100644
--- a/ops/nixos/cofractal-ams01/default.nix
+++ b/ops/nixos/cofractal-ams01/default.nix
@@ -47,6 +47,7 @@ in
 imports = [
 ../lib/zfs.nix
 ../lib/bgp.nix
+ ../lib/whitby-distributed.nix
 ../lib/nixbuild-distributed.nix
 ../lib/gitlab-runner-cacher.nix
 ../lib/coredns/default.nix
diff --git a/ops/nixos/lib/nixbuild-distributed.nix b/ops/nixos/lib/nixbuild-distributed.nix
index 886c79abbb..14a58450f0 100644
--- a/ops/nixos/lib/nixbuild-distributed.nix
+++ b/ops/nixos/lib/nixbuild-distributed.nix
@@ -4,7 +4,7 @@
 { config, lib, ... }:
 {
- imports = [ ./vault-agent-secrets.nix ];
+ imports = [ ./nixbuild-key.nix ];
 
 # Distributed builds!
 nix.buildMachines = lib.mkAfter [{
@@ -27,22 +27,6 @@
 builders-use-substitutes = true
 '';
 
- my.vault.secrets.id_ed25519_nixbuild = {
- group = "users";
- template = ''
- {{ with secret "kv/apps/nixbuild" -}}
- {{ .Data.data.id_ed25519_nixbuild }}
- {{- end }}
- '';
- };
- my.vault.secrets."id_ed25519_nixbuild.pub" = {
- group = "users";
- template = ''
- {{ with secret "kv/apps/nixbuild" -}}
- {{ .Data.data.id_ed25519_nixbuild_pub }}
- {{- end }}
- '';
- };
 programs.ssh.extraConfig = ''
 Host eu.nixbuild.net
 PubkeyAcceptedKeyTypes ssh-ed25519
diff --git a/ops/nixos/lib/nixbuild-key.nix b/ops/nixos/lib/nixbuild-key.nix
new file mode 100644
index 0000000000..5e0a1355c1
--- /dev/null
+++ b/ops/nixos/lib/nixbuild-key.nix
@@ -0,0 +1,25 @@
+# SPDX-FileCopyrightText: 2023 Luke Granger-Brown
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{ config, lib, ... }:
+{
+ imports = [ ./vault-agent-secrets.nix ];
+
+ my.vault.secrets.id_ed25519_nixbuild = {
+ group = "users";
+ template = ''
+ {{ with secret "kv/apps/nixbuild" -}}
+ {{ .Data.data.id_ed25519_nixbuild }}
+ {{- end }}
+ '';
+ };
+ my.vault.secrets."id_ed25519_nixbuild.pub" = {
+ group = "users";
+ template = ''
+ {{ with secret "kv/apps/nixbuild" -}}
+ {{ .Data.data.id_ed25519_nixbuild_pub }}
+ {{- end }}
+ '';
+ };
+}
diff --git a/ops/nixos/lib/whitby-distributed.nix b/ops/nixos/lib/whitby-distributed.nix
index 51eb94c829..193121a3e3 100644
--- a/ops/nixos/lib/whitby-distributed.nix
+++ b/ops/nixos/lib/whitby-distributed.nix
@@ -2,11 +2,13 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 
-{ lib, ... }:
+{ lib, config, ... }:
 {
+ imports = [ ./nixbuild-key.nix ];
+
 # Distributed builds!
 nix.buildMachines = lib.mkAfter [ {
- hostName = "whitby";
+ hostName = "whitby-build";
 system = "x86_64-linux";
 maxJobs = 64;
 speedFactor = 4;
@@ -17,4 +19,17 @@
 nix.extraOptions = ''
 builders-use-substitutes = true
 '';
+
+ programs.ssh.extraConfig = ''
+ Host whitby-build
+ User lukegb
+ PubkeyAcceptedKeyTypes ssh-ed25519
+ IdentityFile ${config.my.vault.secrets.id_ed25519_nixbuild.path}
+ '';
+ programs.ssh.knownHosts = {
+ whitby-build = {
+ hostNames = [ "whitby.tvl.fyi" "whitby-build" ];
+ publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNh/w4BSKov0jdz3gKBc98tpoLta5bb87fQXWBhAl2I";
+ };
+ };
 }
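Review bot: Both secrets in the new nixbuild-key.nix module are written with `group = "users"`, which — assuming vault-agent-secrets.nix grants group read on the rendered file — makes the private key readable by every account in that group rather than only the user that performs remote builds; a dedicated group or the specific builder user would keep the key out of reach of unrelated local accounts. `config` and `lib` are bound in the module signature but not used anywhere in the file. The module also has no header comment explaining its purpose; `# Provisions the shared nixbuild ssh key pair from Vault (kv/apps/nixbuild) for the remote-builder modules that import it.` above `imports` would say why it exists separately from nixbuild-distributed.nix.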
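Review bot: The `Host whitby-build` stanza added to programs.ssh.extraConfig in the second whitby-distributed.nix hunk sets no `HostName`, so ssh — and therefore the `whitby-build` entry in nix.buildMachines — will try to resolve the literal name `whitby-build`; the knownHosts entry pairs that alias with `whitby.tvl.fyi`, which suggests `HostName whitby.tvl.fyi` was intended inside that stanza unless the alias resolves through /etc/hosts or local DNS elsewhere in the configuration. The same Vault-provided `id_ed25519_nixbuild` key now authenticates to both nixbuild.net and whitby, so a leak or compromise of that single key exposes both builders; a separate secret per builder would limit the blast radius to one host. Pinning the host key through programs.ssh.knownHosts is the right approach; a short comment recording where the `publicKey` fingerprint was obtained would make it re-verifiable when the host key rotates.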