diff --git a/common/ssh-keys.nix b/common/ssh-keys.nix index 426d953..4b747cc 100644 --- a/common/ssh-keys.nix +++ b/common/ssh-keys.nix @@ -27,6 +27,8 @@ build02-aarch64-lix = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGdJE375pe58RJbhKwXRp3D//+SJ3ssiVZrLsM9CLHn0"; build01-aarch64-darwin-lix = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVf1uO0lv5UBti/naW/+amqLxvWZg+StXk9aM+lJ7e4"; + buildbot-lix = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFoVSh35UqNQZ6ZZ1c6CzqERC40ovQ/KDXz8pC7nNlkR"; + # Raito infrastructure epyc-newtype-fr = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOXT9Init1MhKt4rjBANLq0t0bPww/WQZ96uB4AEDrml"; }; diff --git a/flake.nix b/flake.nix index b7783e6..75c44e8 100644 --- a/flake.nix +++ b/flake.nix @@ -198,6 +198,7 @@ build-coord.imports = floralInfraModules ++ [ ./hosts/build-coord ]; build01-aarch64-lix.imports = lixInfraModules ++ [ ./hosts/build01-aarch64-lix ]; + buildbot-lix.imports = lixInfraModules ++ [ ./hosts/buildbot-lix ]; } // builders; hydraJobs = builtins.mapAttrs (n: v: v.config.system.build.netbootDir or v.config.system.build.toplevel) self.nixosConfigurations; diff --git a/hosts/buildbot-lix/default.nix b/hosts/buildbot-lix/default.nix new file mode 100644 index 0000000..91d8b78 --- /dev/null +++ b/hosts/buildbot-lix/default.nix 
@@ -0,0 +1,69 @@
+# Configuration for a virtual machine in Raito's micro-DC basement.
+# 32 vCPU (2014 grade Xeon though)
+# 32GB RAM
+# 30GB SSD
+# 500GB HDD
+# All specifications can be upgraded to a certain extent, just ask Raito.
+# Hosts the coordinator for Buildbot.
+#
+# vim: et:ts=2:sw=2:
+#
+{ lib, modulesPath, ... }: {
+ networking.hostName = "buildbot";
+ networking.domain = "lix.systems";
+
+ zramSwap.enable = true;
+
+ bagel.sysadmin.enable = true;
+ # Buildbot is proxied.
+ bagel.raito.v6-proxy-awareness.enable = true;
+ bagel.hardware.raito-vm = {
+ enable = true;
+ networking = {
+ nat-lan-mac = "BC:24:11:75:62:42";
+ wan = {
+ mac = "BC:24:11:B2:5F:2E";
+ address = "2001:bc8:38ee:100::200/56";
+ };
+ };
+ };
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ bagel.services.buildbot = {
+ enable = true;
+ domain = "buildbot.lix.systems";
+ gerrit =
+ {
+ domain = "gerrit.lix.systems";
+ port = 2022;
+ username = "buildbot";
+ };
+ cors.allowedOrigin = "*.lix.systems";
+ projects = [
+ "lix"
+ "lix-installer"
+ ];
+ buildSystems = [
+ "x86_64-linux"
+ "aarch64-linux"
+ "aarch64-darwin"
+ # Too slow.
+ /* "x86_64-darwin" */
+ ];
+ # Lix is not allowed to use yet Floral's x86_64 builders for now.
+ builders = [ ];
+ };
+
+ # This machine does not use /nix from btrfs, and instead uses a store on a bigger disk.
+ fileSystems."/nix" =
+ lib.mkForce
+ { device = "/dev/disk/by-uuid/1815ca49-d0b0-4b99-8aec-0d790498ba6f";
+ fsType = "xfs";
+ neededForBoot = true;
+ options = [ "relatime" ];
+ };
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ system.stateVersion = "24.05";
+ deployment.targetHost = "buildbot.lix.systems";
+}
diff --git a/secrets.nix b/secrets.nix
index ab40910..193c217 100644
--- a/secrets.nix
+++ b/secrets.nix
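Review bot: `cors.allowedOrigin = "*.lix.systems";` in hosts/buildbot-lix/default.nix allows a page served from any subdomain of lix.systems to make cross-origin requests to the Buildbot web API, so the least-trusted host under that domain sets the trust boundary for the coordinator's interface. How the `bagel.services.buildbot` module turns this value into response headers is not visible in this hunk, so the exact effect should be confirmed there. If the only cross-origin consumer is the Gerrit UI, I would narrow it to `cors.allowedOrigin = "gerrit.lix.systems";`; otherwise add a comment naming the subdomains that need access. Minor style point: `modulesPath` in `{ lib, modulesPath, ... }:` is unused in this file and can be dropped.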
@@ -53,6 +53,14 @@ let }; lix = { + buildbot-worker-password = [ machines.buildbot-lix ]; + buildbot-oauth-secret = [ machines.buildbot-lix ]; + buildbot-workers = [ machines.buildbot-lix ]; + # Private SSH key to Gerrit + # ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHx52RUPWzTa2rBA96xcnGjjzAboNN/hm6gW+Q6JiSos + buildbot-service-key = [ machines.buildbot-lix ]; + # Signing key for Buildbot's specific cache + buildbot-signing-key = [ machines.buildbot-lix ]; buildbot-remote-builder-key = [ machines.buildbot-lix ]; }; }; diff --git a/secrets/lix/buildbot-oauth-secret.age b/secrets/lix/buildbot-oauth-secret.age new file mode 100644 index 0000000..55f8548 --- /dev/null +++ b/secrets/lix/buildbot-oauth-secret.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 Ao+7Wg q7oRHUUlAvD8OUbpPT7d6eLMPWU0YS/verYTDE5BCkY +/87/1uqOvRYeqel9IjnFmGyF9SXUQD8MTgfcj91b/Fs +--- ulIeB91NJ7z/64h9BCLSD9/RW/zwv3m1Zo2ovNuInv8 +Μ}Ӛ#p o>*vs?[L +zr?R7< +i!{X \ No newline at end of file diff --git a/secrets/lix/buildbot-remote-builder-key.age b/secrets/lix/buildbot-remote-builder-key.age new file mode 100644 index 0000000..3e61986 Binary files /dev/null and b/secrets/lix/buildbot-remote-builder-key.age differ diff --git a/secrets/lix/buildbot-service-key.age b/secrets/lix/buildbot-service-key.age new file mode 100644 index 0000000..43cbccb Binary files /dev/null and b/secrets/lix/buildbot-service-key.age differ diff --git a/secrets/lix/buildbot-signing-key.age b/secrets/lix/buildbot-signing-key.age new file mode 100644 index 0000000..2929b2e --- /dev/null +++ b/secrets/lix/buildbot-signing-key.age @@ -0,0 +1,6 @@ +age-encryption.org/v1 +-> ssh-ed25519 Ao+7Wg EMpfs0EpWwaIKAoUBfEkyAHLIwi6JnGG6RvUWM5LjnU +LKiwUBNc791U/GVRNlRPZE/TEMJjcFFrLruFJhiyiOI +--- 0khp8u+4vHgGyQqP05m473Eo09eyOUZLI5+EK4olzoc +N3( +xRqf;3~RC^ +f1xSؗ h ˰GnYI:7!uHy/.^lCU5c:]N&'M-HFD0cj ~ \ No newline at end of file 
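Review bot: The `# Signing key for Buildbot's specific cache` comment above `buildbot-signing-key` in secrets.nix does not record the public half, while the Gerrit service key just above it does. For a cache signing key the public part is what clients pin as trusted, so keeping it beside the secret makes rotation and audits checkable; I would add `# Public key: <cache-name>:<base64-public-key>` (placeholder, to be filled from the generated key pair). Separately, every new entry lists only `machines.buildbot-lix`, and the text-rendered .age files in this commit show a single `-> ssh-ed25519 Ao+7Wg` recipient stanza. If that stanza is the host key and no operator recipients are appended elsewhere in secrets.nix (the rest of the `let` block lies outside the hunk), these secrets cannot be re-encrypted or recovered without the host's key, which is worth confirming as intended.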
diff --git a/secrets/lix/buildbot-worker-password.age b/secrets/lix/buildbot-worker-password.age new file mode 100644 index 0000000..2eb92ca Binary files /dev/null and b/secrets/lix/buildbot-worker-password.age differ diff --git a/secrets/lix/buildbot-workers.age b/secrets/lix/buildbot-workers.age new file mode 100644 index 0000000..71aaa06 --- /dev/null +++ b/secrets/lix/buildbot-workers.age @@ -0,0 +1,6 @@ +age-encryption.org/v1 +-> ssh-ed25519 Ao+7Wg RPKKoI5l5cYVdSvOxTHCUtwceac4vSi3+vlaqHr8kQg +qbgTHCeQDNM30IJNZ/BU6wgryJwB316H5GWWaYB/wng +--- GuFi3GSRdlBJ5YRjfAVyFDZ+4TH575kFJLnFp5847N0 +-H*xM7t<,4^5@v,ZMg=M + 3vJīNz8'<^'4&Wf"\wmzlAl|+K~68Ek8?S&aM~]Vf JxaDx \ No newline at end of file