diff --git a/m/module/shared-nix-store.nix b/m/module/shared-nix-store.nix
index 1c19fd9..72ece72 100644
--- a/m/module/shared-nix-store.nix
+++ b/m/module/shared-nix-store.nix
@@ -4,15 +4,26 @@
   # from being able to mount it.
   boot.readOnlyNixStore = false;
 
-  # Mount the hut nix store via NFS
+  # Mount the hut nix store via NFS in read-only mode.
   fileSystems."/mnt/hut-nix-store" = {
     device = "hut:/nix/store";
     fsType = "nfs";
     options = [ "ro" ];
   };
 
-  # Create the work directory
-  #systemd.tmpfiles.rules = [
-  #  "d /mnt/nix-overlay/work 0550 1000 root root -"
-  #];
+  # A workdir is also needed, so setup a permanent dir using tmpfiles.
+  systemd.tmpfiles.rules = [
+    "d /mnt/nix-work 0700 root root -"
+  ];
+
+  # Mount an overlay in /nix/store using as lower layer the NFS store and upper
+  # layer the disk nix store. The destination is still the nix store in
+  # /nix/store (confusing). We need rw access, as the daemon need to write the
+  # lock files to build derivations locally.
+  fileSystems."/nix/store" = {
+    device = "overlay";
+    fsType = "overlay";
+    options = [ "lowerdir=/mnt/hut-nix-store,upperdir=/nix/store,workdir=/mnt/nix-work" ];
+    depends = [ "/nix/store" "/mnt/hut-nix-store" "/mnt/nix-work" ];
+  };
 }