diff --git a/machines/gamepc/configuration.nix b/machines/gamepc/configuration.nix index 33aa111..1db1ecd 100644 --- a/machines/gamepc/configuration.nix +++ b/machines/gamepc/configuration.nix @@ -1,4 +1,8 @@ -{lib, ...}: { +{ + config, + lib, + ... +}: { config = { pim = { cinnamon.enable = true; @@ -6,8 +10,15 @@ facter.reportPath = ./facter.json; networking.hostName = "gamepc"; - users.users.pim.password = ""; - users.users.root.password = ""; + services.openssh.enable = true; + + users.users = { + root.password = ""; + pim = { + openssh.authorizedKeys.keys = config.pim.ssh.keys.pim; + password = ""; + }; + }; boot.loader.grub = { enable = true; diff --git a/nixos/cinnamon.nix b/nixos/cinnamon.nix index 8ad3e08..62235d6 100644 --- a/nixos/cinnamon.nix +++ b/nixos/cinnamon.nix @@ -1,6 +1,12 @@ -{lib, ...}: { +{ + config, + lib, + ... +}: let + cfg = config.pim.cinnamon; +in { options.pim.cinnamon.enable = lib.mkEnableOption "cinnamon"; - config = { + config = lib.mkIf cfg.enable { services = { displayManager.defaultSession = "cinnamon"; libinput.enable = true; diff --git a/nixos/default.nix b/nixos/default.nix index dffc5c9..b705232 100644 --- a/nixos/default.nix +++ b/nixos/default.nix @@ -20,6 +20,7 @@ ./tailscale.nix ./compliance.nix ./cinnamon.nix + ./ssh.nix ]; time.timeZone = "Europe/Amsterdam"; diff --git a/nixos/ssh.nix b/nixos/ssh.nix new file mode 100644 index 0000000..9cf7b85 --- /dev/null +++ b/nixos/ssh.nix 
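Review bot: In the second hunk of machines/gamepc/configuration.nix, `services.openssh.enable = true;` is added while `root.password = "";` and `pim.password = "";` are kept, so the machine becomes remotely reachable with both accounts still holding empty passwords. Remote password login is blocked only by the settings in the separate nixos/ssh.nix module. Anyone who gets a shell as pim may be able to become root with no credential, depending on how PAM treats null passwords here. Consider `hashedPasswordFile` for both users, or at least locking root with `root.hashedPassword = "!";`. If the empty passwords are intentional, add a comment such as `# empty passwords are for local console use; sshd is key-only (nixos/ssh.nix)`.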
@@ -0,0 +1,27 @@
+{lib, ...}: {
+ options = {
+ pim.ssh.keys = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.listOf lib.types.str);
+ };
+ };
+
+ config = {
+ pim.ssh.keys = {
+ pim = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOodpLr+FDRyKyHjucHizNLVFHZ5AQmE9GmxMnOsSoaw pimkunis@thinkpadpim"];
+ niels = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINUZp4BCxf7uLa1QWonx/Crf8tYZ5MKIZ+EuaBa82LrV user@user-laptop"];
+ };
+
+ services = {
+ openssh = {
+ openFirewall = true;
+
+ settings = {
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ GSSAPIAuthentication = false;
+ UseDns = false;
+ };
+ };
+ };
+ };
+}
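Review bot: The `settings` block in nixos/ssh.nix does not set `PermitRootLogin`, so the root login policy is left to the NixOS module default. Since the gamepc change in this commit keeps an empty root password, pin it explicitly with `PermitRootLogin = "no";` next to `PasswordAuthentication = false;`. The `pim.ssh.keys` option also has no `description`; something like `description = "SSH public keys per person, for use in users.users.<name>.openssh.authorizedKeys.keys.";` would document what the attribute names stand for. The key comment `user@user-laptop` on the `niels` entry does not identify the device or owner, so a short `#` comment above it would make later key audits easier.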