diff --git a/ops/nixos/cofractal-ams01/default.nix b/ops/nixos/cofractal-ams01/default.nix
index 880596c488..7dd8d6ec73 100644
--- a/ops/nixos/cofractal-ams01/default.nix
+++ b/ops/nixos/cofractal-ams01/default.nix
@@ -61,7 +61,7 @@ in
 ../lib/bgp.nix
 ../lib/whitby-distributed.nix
 ../lib/nixbuild-distributed.nix
- ../lib/gitlab-runner-cacher.nix
+ #../lib/gitlab-runner-cacher.nix
 ../lib/coredns/default.nix
 ../lib/deluge.nix
 ../lib/plex.nix
diff --git a/ops/nixos/rexxar/default.nix b/ops/nixos/rexxar/default.nix
index 05662484c2..8fe646fd2b 100644
--- a/ops/nixos/rexxar/default.nix
+++ b/ops/nixos/rexxar/default.nix
@@ -7,6 +7,8 @@
 imports = [
 ../lib/zfs.nix
 ../lib/bgp.nix
+ ../lib/gitlab-runner-cacher.nix
+ #../lib/nixbuild-distributed.nix # error: build of '/nix/store/3r7456yr8r9g4fl7w6xbgqlbsdjwfvr4-stdlib-pkgs.json.drv' on 'ssh://eu.nixbuild.net' failed: unexpected: Built outputs are invalid
 ];
 # Otherwise _this_ machine won't enumerate things properly.
@@ -66,7 +68,7 @@
 rsync -a /boot/ /boot2/
 '';
- nix.settings.max-jobs = lib.mkDefault 8;
+ nix.settings.max-jobs = lib.mkDefault 64;
 # Networking!
 networking = {
@@ -212,5 +214,7 @@
 (bindMountSvc "/var/lib/libvirt" "libvirt.service")
 ];
+ boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+ system.stateVersion = "24.05";
 }
diff --git a/ops/vault/cfg/binary-cache-deployer.nix b/ops/vault/cfg/binary-cache-deployer.nix
index 088f2e9393..310702db9e 100644
--- a/ops/vault/cfg/binary-cache-deployer.nix
+++ b/ops/vault/cfg/binary-cache-deployer.nix
@@ -25,4 +25,9 @@
 capabilities = ["read"]
 }
 '';
+ my.servers.rexxar.appPolicies.gitlab-runner = ''
+ path "''${vault_gcp_secret_roleset.binary_cache_deployer.backend}/roleset/''${vault_gcp_secret_roleset.binary_cache_deployer.roleset}/token" {
+ capabilities = ["read"]
+ }
+ '';
 }
diff --git a/ops/vault/cfg/lukegbcom-deployer.nix b/ops/vault/cfg/lukegbcom-deployer.nix
index e98cbd055a..bbb442807b 100644
--- a/ops/vault/cfg/lukegbcom-deployer.nix
+++ b/ops/vault/cfg/lukegbcom-deployer.nix
@@ -29,4 +29,9 @@
 capabilities = ["read"]
 }
 '';
+ my.servers.rexxar.appPolicies.gitlab-runner = ''
+ path "''${vault_gcp_secret_roleset.lukegbcom_deployer.backend}/roleset/''${vault_gcp_secret_roleset.lukegbcom_deployer.roleset}/token" {
+ capabilities = ["read"]
+ }
+ '';
 }
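Review bot: Nothing in this hunk, or in the matching one in `binary-cache-deployer.nix`, retires the grant for the host the runner is leaving: both only add `my.servers.rexxar.appPolicies.gitlab-runner` with `read` on the roleset `token` path. The block that closes just above each addition starts outside the hunk; if it is the same policy for cofractal-ams01, whose `gitlab-runner-cacher.nix` import this commit comments out, that host can still read GCP tokens for both deploy rolesets with no runner left to use them, and it should be removed in the same change. The same option is now assigned in two files, so this also relies on the option type concatenating the definitions rather than rejecting them, which is worth confirming by evaluating the Vault config. I would add a comment above each block such as `# rexxar hosts the GitLab runner; it reads GCP tokens for this roleset`, so the coupling to the host import is visible.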