diff --git a/README.md b/README.md
index 2eef68e..042db6b 100644
--- a/README.md
+++ b/README.md
@@ -322,14 +322,47 @@ Default `deploySubjects`:
 | `package` | package | from flake | Package to use |
 | `natsUrl` | string | required | NATS server URL |
 | `nkeyFile` | path | required | Path to NKey seed file |
-| `configFile` | path | required | Path to builder configuration file |
+| `configFile` | path | `null` | Path to builder config file (alternative to `settings`) |
+| `settings.repos` | attrs | `{}` | Repository configuration (see below) |
 | `timeout` | int | `1800` | Build timeout per host in seconds |
 | `environment` | attrs | `{}` | Additional environment variables |
 | `metrics.enable` | bool | `false` | Enable Prometheus metrics endpoint |
 | `metrics.address` | string | `":9973"` | Metrics HTTP server address |
 | `metrics.openFirewall` | bool | `false` | Open firewall for metrics port |
 
-Example builder configuration:
+Each entry in `settings.repos` is an attribute set with:
+
+| Option | Type | Default | Description |
+|--------|------|---------|-------------|
+| `url` | string | required | Git flake URL (must start with `git+https://`, `git+ssh://`, or `git+file://`) |
+| `defaultBranch` | string | `"master"` | Default branch to build when not specified |
+
+Example builder configuration using `settings`:
+
+```nix
+services.homelab-deploy.builder = {
+  enable = true;
+  natsUrl = "nats://nats.example.com:4222";
+  nkeyFile = "/run/secrets/homelab-deploy-builder-nkey";
+  settings.repos = {
+    nixos-servers = {
+      url = "git+https://git.example.com/org/nixos-servers.git";
+      defaultBranch = "master";
+    };
+    homelab = {
+      url = "git+ssh://git@github.com/user/homelab.git";
+      defaultBranch = "main";
+    };
+  };
+  metrics = {
+    enable = true;
+    address = ":9973";
+    openFirewall = true;
+  };
+};
+```
+
+Alternatively, you can use `configFile` to point to an external YAML file:
 
 ```nix
 services.homelab-deploy.builder = {
@@ -337,11 +370,6 @@ services.homelab-deploy.builder = {
   natsUrl = "nats://nats.example.com:4222";
   nkeyFile = "/run/secrets/homelab-deploy-builder-nkey";
   configFile = "/etc/homelab-deploy/builder.yaml";
-  metrics = {
-    enable = true;
-    address = ":9973";
-    openFirewall = true;
-  };
 };
 ```
 
diff --git a/nixos/module.nix b/nixos/module.nix
index 298015e..2c34fbd 100644
--- a/nixos/module.nix
+++ b/nixos/module.nix
@@ -5,6 +5,20 @@ let
   listenerCfg = config.services.homelab-deploy.listener;
   builderCfg = config.services.homelab-deploy.builder;
 
+  # Generate YAML config from settings
+  generatedConfigFile = pkgs.writeText "builder.yaml" (lib.generators.toYAML {} {
+    repos = lib.mapAttrs (name: repo: {
+      url = repo.url;
+      default_branch = repo.defaultBranch;
+    }) builderCfg.settings.repos;
+  });
+
+  # Use provided configFile or generate from settings
+  builderConfigFile =
+    if builderCfg.configFile != null
+    then builderCfg.configFile
+    else generatedConfigFile;
+
   # Build command line arguments for listener from configuration
   listenerArgs = lib.concatStringsSep " " ([
     "--hostname ${lib.escapeShellArg listenerCfg.hostname}"
@@ -26,7 +40,7 @@ let
   builderArgs = lib.concatStringsSep " " ([
     "--nats-url ${lib.escapeShellArg builderCfg.natsUrl}"
     "--nkey-file ${lib.escapeShellArg builderCfg.nkeyFile}"
-    "--config ${lib.escapeShellArg builderCfg.configFile}"
+    "--config ${builderConfigFile}"
     "--timeout ${toString builderCfg.timeout}"
   ]
   ++ lib.optionals builderCfg.metrics.enable [
@@ -161,11 +175,52 @@ in
     };
 
     configFile = lib.mkOption {
-      type = lib.types.path;
-      description = "Path to builder configuration file (YAML)";
+      type = lib.types.nullOr lib.types.path;
+      default = null;
+      description = ''
+        Path to builder configuration file (YAML).
+        If not specified, a config file will be generated from the `settings` option.
+      '';
       example = "/etc/homelab-deploy/builder.yaml";
     };
 
+    settings = {
+      repos = lib.mkOption {
+        type = lib.types.attrsOf (lib.types.submodule {
+          options = {
+            url = lib.mkOption {
+              type = lib.types.str;
+              description = "Git flake URL for the repository";
+              example = "git+https://git.example.com/org/nixos-configs.git";
+            };
+            defaultBranch = lib.mkOption {
+              type = lib.types.str;
+              default = "master";
+              description = "Default branch to build when not specified in request";
+              example = "main";
+            };
+          };
+        });
+        default = {};
+        description = ''
+          Repository configuration for the builder.
+          Each key is the repository name used in build requests.
+        '';
+        example = lib.literalExpression ''
+          {
+            nixos-servers = {
+              url = "git+https://git.example.com/org/nixos-servers.git";
+              defaultBranch = "master";
+            };
+            homelab = {
+              url = "git+ssh://git@github.com/user/homelab.git";
+              defaultBranch = "main";
+            };
+          }
+        '';
+      };
+    };
+
     timeout = lib.mkOption {
       type = lib.types.int;
       default = 1800;
@@ -198,6 +253,15 @@ in
   };
 
   config = lib.mkMerge [
+    (lib.mkIf builderCfg.enable {
+      assertions = [
+        {
+          assertion = builderCfg.configFile != null || builderCfg.settings.repos != {};
+          message = "services.homelab-deploy.builder: either configFile or settings.repos must be specified";
+        }
+      ];
+    })
+
     (lib.mkIf listenerCfg.enable {
       systemd.services.homelab-deploy-listener = {
         description = "homelab-deploy listener";