diff --git a/flake.nix b/flake.nix
index d980910f..bd620a03 100644
--- a/flake.nix
+++ b/flake.nix
@@ -76,7 +76,10 @@
 nixpkgs.lib.nixosSystem {
 modules = [
 ./hosts/${host}
- { nixpkgs.hostPlatform = (myUtils.hostMeta ./hosts/${host}).system; }
+ {
+ nixpkgs.hostPlatform = (myUtils.hostMeta ./hosts/${host}).system;
+ host.name = host;
+ }
 ];
 specialArgs = {
 inherit
diff --git a/hosts/andromache/default.nix b/hosts/andromache/default.nix
index fe2c6e46..3c7a0b42 100644
--- a/hosts/andromache/default.nix
+++ b/hosts/andromache/default.nix
@@ -51,9 +51,7 @@ in ../../modules/yubikey ];
- home-manager.users.${config.host.username} = import ../../home/hosts/andromache;
-
- ssh.authorizedHosts = [ "astyanax" ];
+ home-manager.users.${config.host.username} = import ../../home/hosts/${config.host.name};
 secrets.nixSigningKey.enable = true;
diff --git a/hosts/andromache/host.nix b/hosts/andromache/host.nix
index 8e5e361d..92971ba1 100644
--- a/hosts/andromache/host.nix
+++ b/hosts/andromache/host.nix
@@ -1,7 +1,7 @@
 {
 host = {
 username = "h";
- name = "andromache";
 highRam = true;
+ admin = true;
 };
 }
diff --git a/hosts/astyanax/default.nix b/hosts/astyanax/default.nix
index 26905937..30555a5b 100644
--- a/hosts/astyanax/default.nix
+++ b/hosts/astyanax/default.nix
@@ -47,9 +47,7 @@ in ../../modules/yubikey ];
- home-manager.users.${config.host.username} = import ../../home/hosts/astyanax;
-
- ssh.authorizedHosts = [ "andromache" ];
+ home-manager.users.${config.host.username} = import ../../home/hosts/${config.host.name};
 secrets.nixSigningKey.enable = true;
diff --git a/hosts/astyanax/host.nix b/hosts/astyanax/host.nix
index c30db140..92971ba1 100644
--- a/hosts/astyanax/host.nix
+++ b/hosts/astyanax/host.nix
@@ -1,7 +1,7 @@
 {
 host = {
 username = "h";
- name = "astyanax";
 highRam = true;
+ admin = true;
 };
 }
diff --git a/hosts/eetion-02/default.nix b/hosts/eetion-02/default.nix
index b214d6c0..c6ea12f6 100644
--- a/hosts/eetion-02/default.nix
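Review bot: `host.name = host;` silently makes the directory name under ./hosts the canonical hostname; hosts/hecuba/default.nix feeds that value straight into `networking.hostName`, and andromache/astyanax now use it to select `../../home/hosts/${config.host.name}`, so renaming a directory renames the machine and moves its home-manager import. Nothing in the hunk records that coupling. A comment on the new line would make it explicit, e.g. `# host.name is the directory name under ./hosts; it also selects home/hosts/<name> and networking.hostName on some hosts`. The enclosing nixosSystem call starts before the hunk and continues after it.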
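Review bot: `admin = true;` in hosts/andromache/host.nix is an undocumented security-relevant switch: with the new modules/ssh/authorized-keys.nix, every host importing modules/ssh adds this machine's hosts/<name>/ssh_user.pub to its authorized keys, so flipping the flag in any host.nix grants that host SSH access everywhere. A one-line comment next to it keeps that effect visible at the point of change, e.g. `admin = true; # authorizes this host's ssh_user.pub on every other host (see modules/ssh/authorized-keys.nix)`. The identical hunk in hosts/astyanax/host.nix deserves the same comment.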
+++ b/hosts/eetion-02/default.nix
@@ -11,13 +11,6 @@ ../../modules/ssh ];
- ssh = {
- authorizedHosts = [
- "andromache"
- "astyanax"
- ];
- };
-
 boot = {
 kernelParams = [
 "console=ttyS1,115200n8"
diff --git a/hosts/eetion-02/host.nix b/hosts/eetion-02/host.nix
index 4cf5a07a..30e5748d 100644
--- a/hosts/eetion-02/host.nix
+++ b/hosts/eetion-02/host.nix
@@ -1,6 +1,5 @@
 {
 host = {
 username = "h";
- name = "eetion-02";
 };
 }
diff --git a/hosts/eetion/default.nix b/hosts/eetion/default.nix
index 583bb564..415165e8 100644
--- a/hosts/eetion/default.nix
+++ b/hosts/eetion/default.nix
@@ -15,13 +15,6 @@ tailscale.enable = true;
- ssh = {
- authorizedHosts = [
- "andromache"
- "astyanax"
- ];
- };
-
 boot.loader = {
 grub.enable = false;
 generic-extlinux-compatible.enable = true;
diff --git a/hosts/eetion/host.nix b/hosts/eetion/host.nix
index c8aaa2bf..30e5748d 100644
--- a/hosts/eetion/host.nix
+++ b/hosts/eetion/host.nix
@@ -1,6 +1,5 @@
 {
 host = {
 username = "h";
- name = "eetion";
 };
 }
diff --git a/hosts/hecuba/default.nix b/hosts/hecuba/default.nix
index 7ca13bed..9db565c5 100644
--- a/hosts/hecuba/default.nix
+++ b/hosts/hecuba/default.nix
@@ -18,13 +18,6 @@ ]; networking.hostName = config.host.name;
- ssh = {
- authorizedHosts = [
- "andromache"
- "astyanax"
- ];
- };
-
 docker.enable = true; fileSystems."/" = {
diff --git a/hosts/hecuba/host.nix b/hosts/hecuba/host.nix
index 69813537..5c134599 100644
--- a/hosts/hecuba/host.nix
+++ b/hosts/hecuba/host.nix
@@ -1,6 +1,5 @@
 {
 host = {
 username = "username";
- name = "hecuba";
 };
 }
diff --git a/hosts/vm/host.nix b/hosts/vm/host.nix
index 44fd7f46..30e5748d 100644
--- a/hosts/vm/host.nix
+++ b/hosts/vm/host.nix
@@ -1,6 +1,5 @@
 {
 host = {
 username = "h";
- name = "vm";
 };
 }
diff --git a/images/sd-image-orange-pi-aarch64.nix b/images/sd-image-orange-pi-aarch64.nix
index 2c1cf928..a9b26a87 100644
--- a/images/sd-image-orange-pi-aarch64.nix
+++ b/images/sd-image-orange-pi-aarch64.nix
@@ -21,11 +21,6 @@ in name = "orange-pi"; };
- ssh.authorizedHosts = [
- "andromache"
- "astyanax"
- ];
-
 nix.settings.experimental-features = [
 "nix-command"
 "flakes"
diff --git a/images/sd-image-raspberry-pi-aarch64.nix b/images/sd-image-raspberry-pi-aarch64.nix
index 3ec2962f..20b2abff 100644
--- a/images/sd-image-raspberry-pi-aarch64.nix
+++ b/images/sd-image-raspberry-pi-aarch64.nix
@@ -21,11 +21,6 @@ in name = "raspberry-pi"; };
- ssh.authorizedHosts = [
- "andromache"
- "astyanax"
- ];
-
 boot.kernelParams = [
 "console=ttyS1,115200n8"
 ];
diff --git a/modules/common/host.nix b/modules/common/host.nix
index 75e975c7..dadd27fd 100644
--- a/modules/common/host.nix
+++ b/modules/common/host.nix
@@ -24,5 +24,10 @@
 type = lib.types.bool;
 default = false;
 };
+
+ admin = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ };
 };
 }
diff --git a/modules/ssh/authorized-keys.nix b/modules/ssh/authorized-keys.nix
index 7ad6eddf..d30480e8 100644
--- a/modules/ssh/authorized-keys.nix
+++ b/modules/ssh/authorized-keys.nix
@@ -1,7 +1,12 @@
-{ lib, config, ... }:
+{
+ lib,
+ config,
+ ...
+}:
 let inherit (config.host) username;
+ adminHosts = (import ../../utils { inherit lib; }).adminHosts ../../hosts;
 in { options.ssh = {
@@ -19,6 +24,6 @@ in
 keyFile = ../../hosts/${hostname}/ssh_user.pub;
 in
 lib.optionals (builtins.pathExists keyFile) (lib.splitString "\n" (builtins.readFile keyFile))
- ) config.ssh.authorizedHosts
+ ) ((builtins.filter (h: h != config.host.name) adminHosts) ++ config.ssh.authorizedHosts)
 );
 }
diff --git a/utils/default.nix b/utils/default.nix
index 202d80be..e8eed6e6 100644
--- a/utils/default.nix
+++ b/utils/default.nix
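Review bot: The new `admin` option in modules/common/host.nix has no `description`, although it now controls SSH trust: utils/hosts.nix's `adminHosts` collects every hosts/*/host.nix that sets `admin = true`, and modules/ssh/authorized-keys.nix authorizes those hosts' ssh_user.pub on every other machine. Add `description = "Treat this host as an admin host: its hosts/<name>/ssh_user.pub is added to authorized_keys on every other host (see modules/ssh/authorized-keys.nix).";` so the effect shows up in the generated option docs and to anyone who enables the flag.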
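Review bot: In modules/ssh/authorized-keys.nix the new list `(builtins.filter (h: h != config.host.name) adminHosts) ++ config.ssh.authorizedHosts` replaces an explicit per-host allow-list with an implicit one: any directory under hosts/ whose host.nix says `admin = true` is now trusted by every machine importing this module, and because `adminHosts` (bound in the earlier hunk of this file) is read straight from the files rather than from the evaluated `host.admin` option, a flag set anywhere else would not take effect. A host that is both admin and listed in `ssh.authorizedHosts` yields its key twice; wrapping the list in `lib.unique (...)` avoids duplicate authorized_keys entries. A short comment above the expression stating that admin hosts are trusted implicitly and only the host's own name is excluded would help the next reader. The enclosing `config.ssh` definition starts before the hunk.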
@@ -1,12 +1,8 @@ { lib }: let
- hosts = import ./hosts.nix;
+ fs = import ./fs.nix { inherit lib; };
+ hosts = import ./hosts.nix { inherit lib; };
 secrets = import ./secrets.nix { inherit lib; }; in
-{
- dirNames =
- path: builtins.attrNames (lib.filterAttrs (_: type: type == "directory") (builtins.readDir path));
-}
-// hosts
-// secrets
+fs // hosts // secrets
diff --git a/utils/fs.nix b/utils/fs.nix
new file mode 100644
index 00000000..547e6e3e
--- /dev/null
+++ b/utils/fs.nix
@@ -0,0 +1,6 @@
+{ lib }:
+
+{
+ dirNames =
+ path: builtins.attrNames (lib.filterAttrs (_: t: t == "directory") (builtins.readDir path));
+}
diff --git a/utils/hosts.nix b/utils/hosts.nix
index 19c1de50..617c8ada 100644
--- a/utils/hosts.nix
+++ b/utils/hosts.nix
@@ -1,3 +1,8 @@
+{ lib }:
+
+let
+ fs = import ./fs.nix { inherit lib; };
+in
 {
 hostMeta =
 hostDir:
@@ -5,4 +10,10 @@
 import (hostDir + "/meta.nix")
 else
 throw "meta.nix required in ${hostDir}";
+
+ adminHosts =
+ hostsPath:
+ builtins.filter (host: ((import (hostsPath + "/${host}/host.nix")).host.admin or false)) (
+ fs.dirNames hostsPath
+ );
 }
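Review bot: `adminHosts` in utils/hosts.nix imports `<hostsPath>/<dir>/host.nix` for every directory `fs.dirNames` returns, so a directory without a host.nix makes evaluation fail on the missing path; the `or false` covers a missing `host`/`admin` attribute, not a missing file, and unless the flake already rejects such directories this breaks every host at once. Guarding the import keeps a stray directory from doing that: `(host: let f = hostsPath + "/${host}/host.nix"; in builtins.pathExists f && ((import f).host.admin or false))`. The function also deserves a comment saying it reads the raw host.nix rather than the evaluated `host.admin` option, since modules/ssh/authorized-keys.nix uses its result to decide whose keys are trusted. The enclosing attrset starts before the hunk.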