diff --git a/nixos/systems/blowhole/ssh-machine-access.nix b/nixos/systems/blowhole/ssh-machine-access.nix
new file mode 100644
index 0000000..0579c3c
--- /dev/null
+++ b/nixos/systems/blowhole/ssh-machine-access.nix
@@ -0,0 +1,19 @@
+{
+  pkgs,
+  lib,
+  ...
+}: let
+  inherit (lib) getExe';
+in {
+  users.groups."bot" = {};
+  users.users."bot" = {
+    group = "bot";
+    home = "/var/empty";
+    shell = "${getExe' pkgs.busybox "sh"}";
+    isNormalUser = false;
+    isSystemUser = true;
+    openssh.authorizedKeys.keys = [
+      ''restrict,command="echo \"It's working\"" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFVkFvalffJ/SMjJGG3WPiqCqFygnWzhGUaeALBIoCsJ (none)''
+    ];
+  };
+}