diff --git a/configurations/nixos/forgejo-runner-tofu/default.nix b/configurations/nixos/forgejo-runner-tofu/default.nix
index 72c8b0a..c61909a 100644
--- a/configurations/nixos/forgejo-runner-tofu/default.nix
+++ b/configurations/nixos/forgejo-runner-tofu/default.nix
@@ -18,12 +18,20 @@ in
 ];
 nix.settings = {
- allowed-users = [ "gitea-runner" ];
- trusted-users = [ "gitea-runner" ];
+ allowed-users = [
+ "root"
+ "@wheel"
+ "@builders"
+ "gitea-runner"
+ ];
+ trusted-users = [
+ "root"
+ "gitea-runner"
+ ];
 };
 sops.secrets.forgejo-runners-token = {
- # owner = "gitea-runner";
- # group = "gitea-runner";
+ owner = "gitea-runner";
+ group = "gitea-runner";
 mode = "0777";
 };
 services.gitea-actions-runner = {
diff --git a/modules/flake/deploy.nix b/modules/flake/deploy.nix
index d5f1f3e..3333eb7 100644
--- a/modules/flake/deploy.nix
+++ b/modules/flake/deploy.nix
@@ -53,7 +53,7 @@ in
 autoRollback = false;
 magicRollback = true;
 user = "root";
- remoteBuild = true;
+ # remoteBuild = true;
 nodes = lib.mapAttrs genNode deployableNodes;
 };
 }
diff --git a/modules/nixos/common/default.nix b/modules/nixos/common/default.nix
index 7ce1b90..00b1b8e 100644
--- a/modules/nixos/common/default.nix
+++ b/modules/nixos/common/default.nix
@@ -8,11 +8,15 @@
 ];
 zramSwap.enable = true;
 nixpkgs.hostPlatform = "x86_64-linux";
- nixpkgs.overlays = [ flake.inputs.self.overlays.default ];
+ nixpkgs.overlays = [
+ flake.inputs.self.overlays.default
+ # flake.inputs.deploy-rs.overlays.default
+ ];
 services.tailscale = {
 enable = true;
 };
 environment.systemPackages = with pkgs; [
 git
+ deploy-rs
 ];
 }
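Review bot: In configurations/nixos/forgejo-runner-tofu/default.nix, `mode = "0777";` on `sops.secrets.forgejo-runners-token` still lets every local account read and overwrite the runner registration token, which undoes the `owner`/`group` lines this hunk enables; with ownership set, `mode = "0400";` (or `"0440"` if the group has to read it) is sufficient. Separately, `trusted-users` keeps `gitea-runner`: the Nix manual describes trusted users as essentially root-equivalent towards the daemon, so every workflow job the runner executes inherits that level of access. If the runner only needs to submit builds, listing it in `allowed-users` alone is the narrower grant. The `@builders` group is not defined in the visible lines, so confirm it exists on this host; the `services.gitea-actions-runner` block continues outside the hunk.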
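Review bot: The commented-out `# remoteBuild = true;` in modules/flake/deploy.nix leaves no record of why builds moved off the target nodes; delete the line or replace it with a comment such as `# build on the deploying host; nodes only receive the finished closure`. With `user = "root"` two lines above, whichever host now performs the build decides what is activated as root on every node, so that host's integrity matters more after this change. Presumably that host is the Forgejo runner, whose `gitea-runner` account is a Nix trusted user in this same commit, which is worth stating in the comment. The enclosing attribute set starts outside the hunk.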
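Review bot: `deploy-rs` is added to `environment.systemPackages` in modules/nixos/common/default.nix, which by its path looks like the module shared by every host, so each node would carry the deployment client although only the machine that initiates deploys needs it. Moving the entry into the runner's own configuration keeps the tool off the other nodes. Because the `flake.inputs.deploy-rs.overlays.default` line is commented out, `deploy-rs` here presumably resolves to the nixpkgs package (unless `self.overlays.default` provides it) rather than the flake input, and the two can differ in version. A one-line comment such as `# deploy-rs from nixpkgs; flake overlay disabled because <reason>` would record that choice.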