diff --git a/modules/default.nix b/modules/default.nix
index c983c67..b9db496 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -16,6 +16,7 @@
     ./gpu
     ./grub.nix
     ./gui.nix
+    ./initrd-ssh.nix
     ./libvirt.nix
     ./locales.nix
     ./media-proxy.nix
diff --git a/modules/initrd-ssh.nix b/modules/initrd-ssh.nix
new file mode 100644
index 0000000..2bb1984
--- /dev/null
+++ b/modules/initrd-ssh.nix
@@ -0,0 +1,19 @@
+# For network to work in initrd, either pass the `ip=` kernel parameter or
+# enable networking.useDHCP. You also have to add the required kernel modules
+# for the network card to boot.initrd.availableKernelModules. Also see the
+# instructions on how to add a host key to password-store.
+{ config, lib, ... }:
+{
+  boot.initrd.network = {
+    #enable = true;
+    ssh = {
+      enable = lib.mkDefault config.boot.initrd.network.enable;
+      port = 2222;
+      # ssh-keygen -t ed25519 -N "" -f initrd-ssh-host-key -C HOSTNAME
+      # pass insert -m nixos/machines/HOSTNAME/initrd-ssh-host-key < initrd-ssh-host-key
+      hostKeys = [
+        (toString <secrets/initrd-ssh-host-key>)
+      ];
+    };
+  };
+}