diff --git a/hosts/common/users/root.nix b/hosts/common/users/root.nix
index fcc1463ac..cbcf45390 100644
--- a/hosts/common/users/root.nix
+++ b/hosts/common/users/root.nix
@@ -7,24 +7,4 @@
     # - `/root/.cache/mesa_shader_cache` takes up 1-2 MB on moby
     { path = "/root"; user = "root"; group = "root"; mode = "0700"; }
   ];
-
-  sane.users.root = {
-    home = "/root";
-    fs.".ssh/nixremote".symlink.target = config.sops.secrets."nixremote_ssh_key".path;
-    fs.".ssh/nixremote.pub".symlink.text = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG4KI7I2w5SvXRgUrXYiuBXPuTL+ZZsPoru5a2YkIuCf";
-    fs.".ssh/config".symlink.text = ''
-      # root -> <other nix host> happens for remote builds
-      # provide the auth, and instruct which remote user to login as:
-      Host desko
-        # Prevent using ssh-agent or another keyfile
-        IdentitiesOnly yes
-        IdentityFile /root/.ssh/nixremote
-        User nixremote
-      Host servo
-        # Prevent using ssh-agent or another keyfile
-        IdentitiesOnly yes
-        IdentityFile /root/.ssh/nixremote
-        User nixremote
-    '';
-  };
 }
diff --git a/hosts/modules/nixcache.nix b/hosts/modules/nixcache.nix
index a6343aa1a..cc87af783 100644
--- a/hosts/modules/nixcache.nix
+++ b/hosts/modules/nixcache.nix
@@ -68,7 +68,8 @@ in
       speedFactor = 8;
       supportedFeatures = [ "big-parallel" ];
       mandatoryFeatures = [ ];
-      # TODO: define sshUser and sshKey here instead of in hosts/common/users/root.nix
+      sshUser = "nixremote";
+      sshKey = config.sops.secrets."nixremote_ssh_key".path;
     }];
     nix.distributedBuilds = lib.mkIf cfg.remote-builders.desko true;
     # optional, useful when the builder has a faster internet connection than yours