diff --git a/profiles/core/default.nix b/profiles/core/default.nix
index f3136372..d146bfb1 100644
--- a/profiles/core/default.nix
+++ b/profiles/core/default.nix
@@ -117,7 +117,8 @@ in
     # For rage encryption, all hosts need a ssh key pair
     services.openssh = {
       enable = true;
-      openFirewall = lib.mkDefault false;
+      openFirewall = lib.mkDefault true;
+      passwordAuthentication = false;
     };
 
     # Service that makes Out of Memory Killer more effective
diff --git a/profiles/iot/default.nix b/profiles/iot/default.nix
new file mode 100644
index 00000000..185a9ce0
--- /dev/null
+++ b/profiles/iot/default.nix
@@ -0,0 +1,8 @@
+{ self, config, lib, pkgs, ... }:
+let inherit (lib) fileContents;
+in
+{
+  pub-solar.graphical.enable = false;
+  pub-solar.x-os.localProxyService.enable = false;
+  pub-solar.sway.enable = false;
+}