diff --git a/flake.nix b/flake.nix index 8e1f080..24575de 100644 --- a/flake.nix +++ b/flake.nix @@ -47,7 +47,8 @@ outputs = { nixpkgs, ... }@inputs: let bin.sshPort = 2222; - specialArgs = { inherit inputs bin; }; + ssh.publicKeys.yubikey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLIUkESu5NnBi1M0+ZjYrkp6/rIFuwc3aguspf98jmOydNce6l65cnS3GRzc9oWx4lu11ahi87ZuE+pYV+gaHm4="; + specialArgs = { inherit inputs bin ssh; }; system = "x86_64-linux"; in { diff --git a/hosts/apu/configuration.nix b/hosts/apu/configuration.nix index 15456a7..53ca803 100644 --- a/hosts/apu/configuration.nix +++ b/hosts/apu/configuration.nix @@ -2,7 +2,7 @@ # your system. Help is availanodev"; # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). -{ lib, pkgs, config, ... }: +{ ssh, pkgs, config, ... }: { boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/sda"; @@ -157,9 +157,7 @@ isNormalUser = true; extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. packages = [ pkgs.nh ]; - openssh.authorizedKeys.keys = [ - "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLIUkESu5NnBi1M0+ZjYrkp6/rIFuwc3aguspf98jmOydNce6l65cnS3GRzc9oWx4lu11ahi87ZuE+pYV+gaHm4=" - ]; + openssh.authorizedKeys.keys = [ ssh.publicKeys.yubikey ]; initialPassword = "change-me"; }; diff --git a/hosts/freun.dev/configuration.nix b/hosts/freun.dev/configuration.nix index ec22cee..d9b570e 100644 --- a/hosts/freun.dev/configuration.nix +++ b/hosts/freun.dev/configuration.nix @@ -2,7 +2,7 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running `nixos-help`). -{ config, pkgs, self, ... }: +{ config, pkgs, ssh, ... }: { nix = { 
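Review bot: `ssh.publicKeys` in the `let` block of flake.nix holds a single key, and after this commit both host configurations and the snips `authorized_keys` file reference only that key. A lost or replaced token therefore changes access on apu, freun.dev and snips at once. That is the benefit of centralising the key, but it deserves a comment at the definition, for example `# sole login key for the wheel users on apu and freun.dev and for snips; rotate here`. A second entry for a backup token would avoid a lock-out. The `let` block starts and ends outside the hunk, so other consumers of `specialArgs` are not visible.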
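Review bot: The account in the second hosts/apu/configuration.nix hunk is in `wheel` and keeps `initialPassword = "change-me"` next to the now-shared key, so the key is the only way in only if sshd refuses passwords. Whether `services.openssh.settings.PasswordAuthentication = false;` is set is not visible in this hunk; if it is not, I would add it in this file. I would also drop `initialPassword` once the account has a real password, because the value is readable by every local user in the Nix store. The user attribute set opens outside the hunk.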
@@ -107,11 +107,11 @@ isNormalUser = true; extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. packages = [ pkgs.nh ]; - openssh.authorizedKeys.keys = [ - "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLIUkESu5NnBi1M0+ZjYrkp6/rIFuwc3aguspf98jmOydNce6l65cnS3GRzc9oWx4lu11ahi87ZuE+pYV+gaHm4=" - ]; + openssh.authorizedKeys.keys = [ ssh.publicKeys.yubikey ]; }; + nix.settings.trusted-users = [ "jokke" ]; + # List packages installed in system profile. To search, run: # $ nix search wget environment.systemPackages = with pkgs; [ diff --git a/hosts/freun.dev/services/snips.nix b/hosts/freun.dev/services/snips.nix index 2597d59..4db0ace 100644 --- a/hosts/freun.dev/services/snips.nix +++ b/hosts/freun.dev/services/snips.nix @@ -1,13 +1,11 @@ -{ pkgs, bin, ... }: +{ pkgs, bin, ssh, ... }: let fqdn = "bin.freun.dev"; port = 3600; sshPort = bin.sshPort; authorizedKeys = pkgs.writeTextFile { name = "authorized_keys"; - text = '' - ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLIUkESu5NnBi1M0+ZjYrkp6/rIFuwc3aguspf98jmOydNce6l65cnS3GRzc9oWx4lu11ahi87ZuE+pYV+gaHm4= - ''; + text = ssh.publicKeys.yubikey; }; in {
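Review bot: `nix.settings.trusted-users = [ "jokke" ];` is added without a comment, and it is a privilege change unrelated to the key refactoring in the rest of this hunk. A trusted user can point the Nix daemon at arbitrary substituters and import unsigned store paths, which the Nix manual describes as essentially equivalent to root, and unlike `wheel` membership it asks for no sudo password. If it is needed (presumably for remote deploys, which is not confirmed here), say so in a comment such as `# root-equivalent on the Nix daemon; required for <reason>`; otherwise leave the list at its default and deploy through sudo. Whether `jokke` is the user defined in this hunk is not visible, because the user block opens outside it.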
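Review bot: `text = ssh.publicKeys.yubikey;` in snips.nix writes the key without the trailing newline that the removed `'' … ''` string produced, so the generated `authorized_keys` file now ends mid-line. Most parsers accept that, but whether snips does is not visible here, and a second key appended later would land on the same line. `text = ssh.publicKeys.yubikey + "\n";` keeps the file content as it was. The module body after `in` lies outside the hunk.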