diff --git a/modules/nix/linux-builder.nix b/modules/nix/linux-builder.nix index da8d7910f..8195cc132 100644 --- a/modules/nix/linux-builder.nix +++ b/modules/nix/linux-builder.nix @@ -20,6 +20,7 @@ let rm -rf $TMPDIR mkdir -p $TMPDIR trap "rm -rf $TMPDIR" EXIT + ${lib.optionalString cfg.ephemeral "rm -f ${cfg.workingDirectory}/nixos.qcow2"} ${builderWithOverrides}/bin/create-builder ''; in @@ -77,6 +78,22 @@ in This sets the corresponding `nix.buildMachines.*.supportedFeatures` option. ''; }; + + workingDirectory = mkOption { + type = types.str; + default = "/var/lib/darwin-builder"; + description = lib.mdDoc '' + The working directory of the Linux builder daemon process. + ''; + }; + + ephemeral = mkEnableOption (lib.mdDoc '' + delete the builder's disk image on ever service restart. + + This is useful whenever you change the builder's system configuration or + simply don't want it to accumulate state. Leave it disabled if you need to + rely on secrets or other information in the builder's file system. + ''); }; config = mkIf cfg.enable { @@ -89,7 +106,7 @@ in } ]; system.activationScripts.preActivation.text = '' - mkdir -p /var/lib/darwin-builder + mkdir -p ${cfg.workingDirectory} ''; launchd.daemons.linux-builder = { @@ -103,7 +120,7 @@ in ]; KeepAlive = true; RunAtLoad = true; - WorkingDirectory = "/var/lib/darwin-builder"; + WorkingDirectory = cfg.workingDirectory; }; };
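Review bot: The added `rm -f ${cfg.workingDirectory}/nixos.qcow2` line interpolates a free-form string into the daemon's shell script without quoting, so a path containing a space or a shell metacharacter is word-split or interpreted by the shell instead of being treated as one file name. The same applies to `mkdir -p ${cfg.workingDirectory}` in the activation script hunk further down. Both scripts presumably run as root, so I would escape the value: `${lib.optionalString cfg.ephemeral "rm -f -- ${lib.escapeShellArg "${cfg.workingDirectory}/nixos.qcow2"}"}` and `mkdir -p -- ${lib.escapeShellArg cfg.workingDirectory}`. The enclosing script starts above this hunk, so any quoting helpers already in scope there are not visible here.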
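Review bot: `workingDirectory` is declared with `type = types.str;`, so an empty string or a relative path passes evaluation and only fails, or points somewhere unintended, when it reaches `rm -f`, `mkdir -p` and launchd's `WorkingDirectory`. `type = types.path;` would reject a value that is not an absolute path at evaluation time; it does not replace shell escaping at the places where the value is used. The `ephemeral` description also has a typo: `on ever service restart` should read `on every service restart`.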
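Review bot: `mkdir -p ${cfg.workingDirectory}` leaves the owner and mode of an already existing directory unchanged, so now that the path is configurable the daemon can end up with a working directory that other local users are able to write to. The option text added in this commit says the builder's file system may hold secrets, and the image `nixos.qcow2` is kept in this directory. I would either set the expected owner and mode right after the `mkdir`, or add a sentence to the `workingDirectory` description such as `The directory must be owned by root and not writable by other users.` Which mode the builder actually needs is not visible in this diff, so that should be confirmed against `create-builder`.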