diff --git a/flake.nix b/flake.nix index ff2fe2c..d6eb49c 100644 --- a/flake.nix +++ b/flake.nix @@ -86,6 +86,12 @@ inputs.flake-utils.follows = "flake-utils"; }; + agenix = { + url = github:ryantm/agenix; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.darwin.follows = "nix-darwin"; + }; + # Dependcies flake-compat = { url = github:edolstra/flake-compat; @@ -123,6 +129,7 @@ home-manager.nixosModules.home-manager nur.nixosModules.nur peerix.nixosModules.peerix + agenix.nixosModules.default { home-manager = { useGlobalPkgs = true; @@ -130,10 +137,10 @@ }; system.stateVersion = "23.05"; services.peerix = { - enable = true; + #enable = true; package = peerix.packages.x86_64-linux.peerix; openFirewall = true; - privateKeyFile = ./peerix-private; + #privateKeyFile = ./peerix-private; #publicKeyFile = ./peerix-public; publicKey = "peerix-kami:4DwMEXpwqOWq+fj8gF435FbYGzMkKoMQAUk/0OX0Y0g="; }; diff --git a/modules/system/boot/uefi/default.nix b/modules/system/boot/uefi/default.nix index f0fc895..bffdb13 100644 --- a/modules/system/boot/uefi/default.nix +++ b/modules/system/boot/uefi/default.nix @@ -14,7 +14,7 @@ in boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.efiSysMountPoint = "/boot/efi"; - boot.loader.systemd-boot.configurationLimit = 10; + #boot.loader.systemd-boot.configurationLimit = 10; # https://github.com/NixOS/nixpkgs/blob/c32c39d6f3b1fe6514598fa40ad2cf9ce22c3fb7/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix#L66 boot.loader.systemd-boot.editor = false; diff --git a/modules/system/ssh/default.nix b/modules/system/ssh/default.nix new file mode 100644 index 0000000..532ffc6 --- /dev/null +++ b/modules/system/ssh/default.nix 
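Review bot: No `flake.lock` change accompanies the new `agenix` input in this diff, so unless the lock file is updated elsewhere, the revision is fixed by whoever evaluates the flake next. For a module that decrypts secrets during activation, committing the lock entry together with the input means every host builds the same reviewed revision. `inputs.darwin.follows = "nix-darwin"` also assumes this flake declares an input named `nix-darwin`, which is not visible in the hunk. A quoted URL, `url = "github:ryantm/agenix";`, avoids the deprecated bare URL literal, although the neighbouring `flake-compat` input uses the same unquoted form.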
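Review bot: Commenting out `privateKeyFile = ./peerix-private;` stops the key being used but does not retire it: a path literal is copied into the world-readable Nix store by every build that referenced it, and if the file is tracked in this repository it also stays in history. The signing key should be treated as exposed and regenerated, with the `publicKey` line updated to match, before peerix is re-enabled. Since agenix is added in this commit, the replacement would be a decrypted runtime path, `privateKeyFile = config.age.secrets.<PEERIX_SECRET_NAME>.path;` (placeholder name), rather than a file inside the flake. `openFirewall = true` stays set while the service is disabled; whether that still opens the port depends on the peerix module, which is not shown. The commented-out lines here and in the uefi and kami hunks would read better deleted, or kept with a one-line reason.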
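Review bot: With `boot.loader.systemd-boot.configurationLimit` commented out, the option falls back to its default, which I believe is unlimited, so every generation keeps its kernel and initrd on the ESP mounted at `/boot/efi`. On a small ESP that eventually makes a rebuild fail while installing the boot entry, typically at the moment an update is being rolled out. If the limit was removed on purpose, a comment such as `# limit removed: <reason>` would record why; otherwise keep a numeric limit.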
@@ -0,0 +1,18 @@ +{ options, config, pkgs, lib, ... }: + +with lib; +#with lib.internal; +let cfg = config.custom.system.ssh; +in +{ + options.custom.system.ssh = with types; { + enable = mkBoolOpt false "Whether or not to enable ssh."; + }; + + config = mkIf cfg.enable { + services.openssh.enable = true; + services.openssh.settings.X11forwarding = true; + services.openssh.settings.PermitRootLogin = "yes"; + }; +} + diff --git a/modules/user/jopejoe1/default.nix b/modules/user/jopejoe1/default.nix index 1374818..7d2ebd8 100644 --- a/modules/user/jopejoe1/default.nix +++ b/modules/user/jopejoe1/default.nix @@ -14,6 +14,7 @@ in isNormalUser = true; description = "jopejoe1 🚫"; initialPassword = "password"; + openssh.authorizedKeys.keys = []; extraGroups = [ "wheel"] ++ lib.optionals config.custom.hardware.printing.enable [ "scanner" "lp"] ++ lib.optional config.networking.networkmanager.enable "networkmanger"; diff --git a/systems/aarch64-linux/yokai/default.nix b/systems/aarch64-linux/yokai/default.nix index aceb21e..483d95b 100644 --- a/systems/aarch64-linux/yokai/default.nix +++ b/systems/aarch64-linux/yokai/default.nix @@ -12,6 +12,7 @@ with lib; custom.system.fonts.enable = true; custom.system.locale.enable = true; custom.system.locale.layout = "us"; + custom.system.ssh.enable = true; custom.nix.enable = true; custom.hardware.audio.enable = true; custom.hardware.printing.enable = true; diff --git a/systems/x86_64-linux/kami/default.nix b/systems/x86_64-linux/kami/default.nix index 90d7d19..e9a9089 100644 --- a/systems/x86_64-linux/kami/default.nix +++ b/systems/x86_64-linux/kami/default.nix @@ -12,6 +12,7 @@ with lib; custom.system.fonts.enable = true; custom.system.locale.enable = true; custom.system.locale.layout = "de"; + custom.system.ssh.enable = true; custom.nix.enable = true; custom.hardware.audio.enable = true; custom.hardware.printing.enable = true; 
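Review bot: `PermitRootLogin = "yes"` lets root authenticate with a password over the network, and nothing in this module turns password authentication off, so sshd on yokai, kami and oni (enabled later in this diff) accepts password attempts against root. Restrict root to keys or deny it outright, disable password and keyboard-interactive authentication, and leave X11 forwarding off unless a host needs it. The declared NixOS option is, as far as I know, spelled `X11Forwarding`; the lowercase `X11forwarding` key is passed through as a free-form setting and may end up next to the declared one in the rendered sshd_config, so use the declared spelling. A description on the option that names these defaults would also help whoever enables `custom.system.ssh` on a new host.

```nix
  config = mkIf cfg.enable {
    services.openssh.enable = true;
    services.openssh.settings = {
      # Root never logs in over SSH; use a wheel user and sudo instead.
      PermitRootLogin = "no";
      # Key-only authentication: no password or keyboard-interactive prompts.
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      # Off by default; enable per host only where X11 forwarding is required.
      X11Forwarding = false;
    };
  };
```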
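Review bot: `openssh.authorizedKeys.keys = [];` provisions no key, so the only credential this wheel account has is the unchanged `initialPassword = "password"` visible in the context lines, and this commit makes sshd reachable on three hosts. Put the real public key in the list, e.g. `openssh.authorizedKeys.keys = [ "<SSH_PUBLIC_KEY>" ];` (placeholder), and replace the literal initial password with a hashed password delivered outside the repository, which the agenix input added here is suited for. The attribute set continues outside the hunk.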
@@ -26,7 +27,7 @@ with lib; hardware.opengl.enable = true; hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.beta; - boot.kernelParams = [ "module_blacklist=i915" ]; + #boot.kernelParams = [ "module_blacklist=i915" ]; programs = { dconf.enable = true; diff --git a/systems/x86_64-linux/oni/default.nix b/systems/x86_64-linux/oni/default.nix index e19833b..d6eb08d 100644 --- a/systems/x86_64-linux/oni/default.nix +++ b/systems/x86_64-linux/oni/default.nix @@ -12,6 +12,7 @@ with lib; custom.system.fonts.enable = true; custom.system.locale.enable = true; custom.system.locale.layout = "de"; + custom.system.ssh.enable = true; custom.nix.enable = true; custom.hardware.audio.enable = true; custom.hardware.printing.enable = true;