diff --git a/nix/modules/options/persist.nix b/nix/modules/options/persist.nix
index 4e298c0..2ce1993 100644
--- a/nix/modules/options/persist.nix
+++ b/nix/modules/options/persist.nix
@@ -48,16 +48,4 @@ in
 };
 };
 };
- flake.modules.homeManager.default =
- { config, ... }:
- {
- imports = [ inputs.impermanence.homeManagerModules.impermanence ];
- options.persistDirs = mkOpts "directory" { };
- options.persistFiles = mkOpts "file" { };
- config.home.persistence."/persist${config.home.homeDirectory}" = {
- allowOther = true;
- directories = config.persistDirs;
- files = config.persistFiles;
- };
- };
 }
diff --git a/nix/modules/ssh.nix b/nix/modules/ssh.nix
index 1adf4bc..4c8fde2 100644
--- a/nix/modules/ssh.nix
+++ b/nix/modules/ssh.nix
@@ -1,20 +1,10 @@
-{ config, lib, ... }:
-let
- cfg = config.flake;
- inherit (lib.modules) mkMerge;
- inherit (cfg.lib.modules) forAllUsers';
-in
 {
- flake.modules.nixos.default = mkMerge [
- {
- persistFiles = [
- "/etc/ssh/ssh_host_ed25519_key"
- "/etc/ssh/ssh_host_ed25519_key.pub"
- "/etc/ssh/ssh_host_rsa_key"
- "/etc/ssh/ssh_host_rsa_key.pub"
- ];
- users.users = forAllUsers' (_: value: { openssh.authorizedKeys.keys = [ value.pubkey ]; });
- }
- { users.users.root.openssh.authorizedKeys.keys = [ cfg.admin.pubkey ]; }
- ];
+ flake.modules.nixos.default = {
+ persistFiles = [
+ "/etc/ssh/ssh_host_ed25519_key"
+ "/etc/ssh/ssh_host_ed25519_key.pub"
+ "/etc/ssh/ssh_host_rsa_key"
+ "/etc/ssh/ssh_host_rsa_key.pub"
+ ];
+ };
 }
diff --git a/nix/modules/users.nix b/nix/modules/users.nix
index b9ab8f7..2c1a5c9 100644
--- a/nix/modules/users.nix
+++ b/nix/modules/users.nix
@@ -11,6 +11,8 @@ in
 #TODO: move sudo/security options elsewhere
 # security.sudo.wheelNeedsPassword = false;
 # nix.settings.trusted-users = [ "@wheel" ];
+ #TODO: move ssh key settings elsewhere
+ # users.users.root.openssh.authorizedKeys.keys = [ owner.pubkey ];
 # persist uids and gids
 persistDirs = [ "/var/lib/nixos" ];
 users = {
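Review bot: In nix/modules/ssh.nix the live setting `users.users.root.openssh.authorizedKeys.keys = [ cfg.admin.pubkey ]` is deleted, and the users.nix hunk brings it back only as a commented-out TODO, so after this commit none of the visible modules authorises a key for root. If that is deliberate hardening, record it where the setting used to be, e.g. `# root has no authorized key; log in as a wheel user` above `persistFiles`; if it is not, the setting needs a live home before this lands, since hosts that relied on key-based root login would presumably lose it on the next rebuild. The commented line also names `owner.pubkey` where the removed code used `cfg.admin.pubkey`, and no `owner` binding is visible in the hunk, so the TODO should name the attribute that actually exists.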
@@ -21,6 +23,7 @@ in
 isNormalUser = true;
 hashedPasswordFile = config.sops.secrets."${name}/hashedPassword".path;
 extraGroups = optional (value.primary or false) "wheel";
+ openssh.authorizedKeys.keys = [ value.pubkey ];
 }
 );
 };
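Review bot: `value.pubkey` on the added line is read unconditionally, so a user entry without a `pubkey` attribute would fail evaluation, whereas the line above treats `primary` as optional with `value.primary or false`. If users without a key are meant to be allowed, `openssh.authorizedKeys.keys = optional (value ? pubkey) value.pubkey;` keeps the two lines consistent; if every user must carry a key, a one-line comment stating that requirement would help. Because `primary` users are also placed in `wheel`, this key is what grants remote access to a sudo-capable account, which is worth saying next to the setting. The enclosing function starts before the hunk, so the shape of `value` is inferred from the visible lines only.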