diff --git a/hosts/hera/boot.nix b/hosts/hera/boot.nix index 4e213492..e06e0706 100644 --- a/hosts/hera/boot.nix +++ b/hosts/hera/boot.nix @@ -1,6 +1,8 @@ { ... }: { +m-0.server.initSSHKey = ./secret/boot_rsa; + # Use the systemd-boot EFI boot loader. boot = { loader = { diff --git a/system/modules/server/init_ssh.nix b/system/modules/server/init_ssh.nix index d9ad5d0e..b4fa3c74 100644 --- a/system/modules/server/init_ssh.nix +++ b/system/modules/server/init_ssh.nix @@ -1,6 +1,11 @@ { config, pkgs, lib, ... }: with lib; { +options = { + m-0.server.initSSHKey = mkOption { + type = types.path; + }; +}; config = mkIf config.m-0.server.enable { boot.initrd = { @@ -11,9 +16,9 @@ config = mkIf config.m-0.server.enable { authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys; # generate file with - # dropbearkey -t rsa -f /etc/nixos/boot_rsa - # nix-env -iA nixos.dropbear - hostRSAKey = builtins.toPath "/etc/nixos/hosts/${config.networking.hostName}/secret/boot_rsa"; + # nix-shell -p dropbear + # dropbearkey -t rsa -f boot_rsa + hostRSAKey = config.m-0.server.initSSHKey; }; }; postMountCommands = "ip link set eth0 down";
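Review bot: `./secret/boot_rsa` is a Nix path literal, so the Dropbear private host key is copied into the world-readable /nix/store as soon as the value is coerced to a string, which the assignment to `hostRSAKey` in system/modules/server/init_ssh.nix (third hunk) probably leads to. The removed code built the location from a string, which does not by itself import the file. If the key is meant to stay out of the store, pass an absolute path as a string, for example `m-0.server.initSSHKey = "/etc/nixos/hosts/hera/secret/boot_rsa";` (assembled from the removed line and this host's directory, so confirm it), and check how the initrd SSH module embeds the file. Either way this should be a key generated only for the initrd, never the host's regular sshd key.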
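Review bot: The new option `m-0.server.initSSHKey` is declared without a `description`, so nothing tells a host author that the value is a private key or which format it needs. I would add `description = "Dropbear-format RSA host key for the initrd SSH server; use a key dedicated to the initrd.";` inside the `mkOption`. Omitting `default` looks deliberate and seems fine, since a host that enables `m-0.server` without setting the key should then fail at evaluation rather than build an initrd without one. The `config = mkIf …` block that consumes the option continues outside this hunk.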
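Review bot: The rewritten comment above `hostRSAKey` explains how to create `boot_rsa` but not where the file has to end up or how it should be protected. I would extend it with something like `# place the result at the path set in m-0.server.initSSHKey, readable by root only, and keep it out of unencrypted version control`. It may also be worth stating the key size explicitly with dropbearkey's `-s` option instead of relying on the build's default. The enclosing `boot.initrd` block starts and ends outside this hunk.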