diff --git a/machines/_base.nix b/machines/_base.nix
index 700a0d5..58bc495 100644
--- a/machines/_base.nix
+++ b/machines/_base.nix
@@ -31,6 +31,10 @@
     ];
   };
 
+  security.sudo.extraRules = [
+    # admin group has sudo access
+    { groups = [ "skynet-admins" ]; commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ]; }
+  ];
 
   networking = {
     # every sever needs to be accessable over ssh for admin use at least
diff --git a/machines/optimus.nix b/machines/optimus.nix
index e53e40d..709a0ad 100644
--- a/machines/optimus.nix
+++ b/machines/optimus.nix
@@ -66,10 +66,6 @@ in {
     };
   };
 
-  security.sudo.extraRules = [
-     { groups = [ "skynet-admins" ]; commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ]; }
-  ];
-
   services.sssd = {
     enable = true;