diff --git a/flake.nix b/flake.nix
index 18ed938..636e56b 100644
--- a/flake.nix
+++ b/flake.nix
@@ -150,12 +150,14 @@
 
       systems.hosts.wsl.modules = with inputs; [ nixos-wsl.nixosModules.default ];
     }
-    // {
+    // rec {
       self = inputs.self;
 
       hydraJobs = {
-        loptland = inputs.self.nixosConfigurations.loptland.config.system.build.toplevel;
-        yggdrasil = inputs.self.nixosConfigurations.yggdrasil.config.system.build.toplevel;
+        hosts = lib.mapAttrs (_: cfg: cfg.config.system.build.toplevel) self.outputs.nixosConfigurations;
+
+        # loptland = self.nixosConfigurations.loptland.config.system.build.toplevel;
+        # yggdrasil = self.nixosConfigurations.yggdrasil.config.system.build.toplevel;
       };
     };
 }
diff --git a/modules/nixos/nix/default.nix b/modules/nixos/nix/default.nix
index 278d90a..39c5faa 100644
--- a/modules/nixos/nix/default.nix
+++ b/modules/nixos/nix/default.nix
@@ -56,7 +56,7 @@ in
         users = [
           "root"
           config.${namespace}.user.name
-        ] ++ optional config.services.hydra.enable "hydra";
+        ] ++ optional config.services.hydra.enable "hydra hydra-evaluator hydra-queue-runner";
       in
       {
         package = cfg.package;
@@ -71,6 +71,7 @@ in
             auto-optimise-store = true;
             trusted-users = users;
             allowed-users = users;
+            allowed-uris = "github: gitlab: https://github.com/ git+https://github.com/";
             substituters = [
               cfg.default-substituter.url
             ] ++ (mapAttrsToList (name: value: name) cfg.extra-substituters);
@@ -83,10 +84,6 @@ in
             keep-derivations = true;
           });
 
-        extraOptions = ''
-          allowed-uris = https://github.com/ https://git.christophhollizeck.dev/
-        '';
-
         gc = {
           automatic = true;
           dates = "daily";
diff --git a/systems/x86_64-linux/loptland/default.nix b/systems/x86_64-linux/loptland/default.nix
index 7ca031b..28728f2 100644
--- a/systems/x86_64-linux/loptland/default.nix
+++ b/systems/x86_64-linux/loptland/default.nix
@@ -82,6 +82,15 @@ in
           return = "404";
         };
       };
+
+      "_" = {
+        forceSSL = cfg.enableAcme;
+        useACMEHost = mkIf cfg.enableAcme domainName;
+
+        locations."/" = {
+          return = "404";
+        };
+      };
     };
   };
 
@@ -133,8 +142,8 @@ in
 
   services.hydra = {
     enable = true;
-    hydraURL = "http://localhost:2000";
-    port = 2000;
+    hydraURL = "http://localhost:${toString hydraPort}";
+    port = hydraPort;
     notificationSender = "hydra@localhost";
     buildMachinesFiles = [ ];
     useSubstitutes = true;