diff --git a/magpie/configuration.nix b/magpie/configuration.nix index fb4fed1..4ea32a3 100644 --- a/magpie/configuration.nix +++ b/magpie/configuration.nix @@ -23,6 +23,20 @@ "net.ipv4.tcp_congestion_control" = "bbr"; }; + boot.initrd = { + compressor = "zstd"; + availableKernelModules = ["virtio-pci"]; + network = { + enable = true; + udhcpc.enable = true; + ssh = { + enable = true; + hostKeys = [config.sops.secrets."ssh_tmp_key".path]; + authorizedKeyFiles = [../nixy/ssh_pubkey]; + }; + }; + }; + # Set your time zone. time.timeZone = "Europe/Berlin"; @@ -316,6 +330,10 @@ sopsFile = ./secrets/borgbase_ssh_key.yaml; }; + sops.secrets."ssh_tmp_key" = { + sopsFile = ./secrets/ssh_tmp_key.yaml; + }; + networking.hostName = "magpie"; networking.firewall.enable = true; diff --git a/magpie/secrets/ssh_tmp_key.yaml b/magpie/secrets/ssh_tmp_key.yaml new file mode 100644 index 0000000..73d9cef --- /dev/null +++ b/magpie/secrets/ssh_tmp_key.yaml 
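Review bot: `hostKeys = [config.sops.secrets."ssh_tmp_key".path];` hands the initrd a runtime path, so as far as the NixOS initrd-secrets mechanism goes the decrypted private key is packed into the initrd when the bootloader is installed and then rests on the boot partition, which is typically unencrypted; sops protects it only inside the repository. Anyone who can read that partition can impersonate the early-boot SSH server, so this key has to stay dedicated to the initrd and never double as the running system's host key; a comment above `hostKeys` such as `# initrd-only host key: stored in the initrd on /boot, do not reuse for the main sshd` would record that. The `ssh` block sets no `port`, so it presumably listens on the default 22 with a different host key than the booted system, which trains operators to accept host-key-changed warnings; a separate port (for example `port = 2222;`, a constructed value) lets clients pin both keys. The secret path also has to exist when the initrd is assembled, which on a first deployment may be before sops has decrypted anything, so that case is worth testing.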
@@ -0,0 +1,30 @@ +ssh_tmp_key: ENC[AES256_GCM,data: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,iv:UYMgZBIl9HGjFXQskPs5fb64mVlY2PJI8hl80m0tQqU=,tag:O4O6oxtvOR+jiGDlhFk1vg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVWVdrd0xkTk5rUDg0alk2 + Y1NaaFYxSjBqeG9peW1OQ2VpcEpFVS95SjBFCmFRTk9Ia1RKNzF6eEVCaUxCalVP + Qmo1WnNQcEhjZE1USDkxVXo1b2NldXMKLS0tIFRjZlRsOGdGSWxIUlBFQ2xNdEJG + RkN1SXJiSlRkQUdSblBlcmV6dEFoSVEKAb+zyJvpBqsBUUu5y7QBIenceTlq5T9k + /C2jDZJ7yuKBSYxo3gxyIeyS6Sy+mDcXMcykzVx1NpArhjQVAk7Igw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGbERkSE94MFYrUmV3WXMx + TDlDVWZGejhyaEpwY2prQmI4WnhFZk5nZVZVCnY5c1JjNmRYNzRCUFhDQ1NUck1j + Q3B6eEFqWGk2a0o0RXZYdXBDRHZrckkKLS0tIFpWdFg5dDQ2djhKWEIxTVQxS1pO + UjhBR3liczFmYW5OSERxa240ZzhmRzgKuHazL76dOSmBFvRimkskoO1C95sUVfFf + xrTl76N9as5R897gqyX8s6oXYMjHPYYE3ko1VNOT84bTaVwXVu/oaw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-04-21T11:49:14Z" + mac: ENC[AES256_GCM,data:EYwpISkIeYnfQp5EbdUKLlyK9OpwmbYOgtzY1jaTPouNk+Snp+yW9t3G+EdOeKxrn1LV7C9Sjd2Qfu/DvFGjfkKS4W7KD3FB+SsBHVefrTl0cRZK0QOhdwqe/A7542x1FWyDMuean28Q4EO72zJU9tn/MvRT+QIiHXtmqu9spIg=,iv:UUXxiBEENjs2vdxzP1QJRU5ZhDyqkqn6Yqft846HIXg=,tag:L+MGa3ORQ7MIqfjdc3VFSg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1