diff --git a/hosts/dunamis/configuration.nix b/hosts/dunamis/configuration.nix
index 330212f..196b19b 100644
--- a/hosts/dunamis/configuration.nix
+++ b/hosts/dunamis/configuration.nix
@@ -45,16 +45,4 @@
   opentabletdriver.enable = false;
   qmk-vial.enable = true;
   virtual.libvirt.enable = true;
-
-  nix = let
-    inherit (builtins) readFile;
-    inherit (config.users.users) user;
-  in {
-    settings.trusted-users = ["nix-ssh"];
-    sshServe = {
-      enable = true;
-      write = true;
-      keys = map (f: readFile f) user.openssh.authorizedKeys.keyFiles;
-    };
-  };
 }
diff --git a/hosts/dunamis/misc/default.nix b/hosts/dunamis/misc/default.nix
index 5ee61c0..ebef8d5 100644
--- a/hosts/dunamis/misc/default.nix
+++ b/hosts/dunamis/misc/default.nix
@@ -1,5 +1,6 @@
 {
   imports = [
     # ./minecraft.nix
+    ./nix-ssh-serve.nix
   ];
 }
diff --git a/hosts/dunamis/misc/nix-ssh-serve.nix b/hosts/dunamis/misc/nix-ssh-serve.nix
new file mode 100644
index 0000000..434b9f1
--- /dev/null
+++ b/hosts/dunamis/misc/nix-ssh-serve.nix
@@ -0,0 +1,15 @@
+{config, ...}: {
+  nix = let
+    inherit (builtins) readFile;
+    inherit (config.users.users) user;
+  in {
+    sshServe = {
+      enable = true;
+      keys = map (f: readFile f) user.openssh.authorizedKeys.keyFiles;
+      # protocol = "ssh-ng";
+      trusted = true;
+      write = true;
+    };
+  };
+  security.pam.enableSSHAgentAuth = true;
+}