diff --git a/common/base-server/default.nix b/common/base-server/default.nix
index 47a82fa..9e6125c 100644
--- a/common/base-server/default.nix
+++ b/common/base-server/default.nix
@@ -13,6 +13,5 @@ in
     # Allow remote deployment with colmena
     deployment.targetUser = null;
     security.sudo.wheelNeedsPassword = false;
-    nix.settings.trusted-users = [ "@wheel" ];
   };
 }
diff --git a/common/nix.nix b/common/nix.nix
index 3eb2193..12ebcf7 100644
--- a/common/nix.nix
+++ b/common/nix.nix
@@ -9,6 +9,7 @@
   };
   nix.nixPath = [ "nixpkgs=flake:nixpkgs" ];
   nixpkgs.config.allowUnfree = true;
+  nix.settings.trusted-users = [ "@wheel" ];
 
   # this is a dependency of feishin (used in qenya's home-manager). it does not actually have a known vulnerability,
   # it's just unsuspported because Electron's support cycle is a ludicrously short 6 months.