diff --git a/modules/user/default.nix b/modules/user/default.nix
index 79e32eca..2fd5958e 100644
--- a/modules/user/default.nix
+++ b/modules/user/default.nix
@@ -21,6 +21,11 @@ in
         type = types.nullOr types.str;
         default = null;
       };
+      publicKeys = mkOption {
+        description = "User SSH public keys";
+        type = types.listOf types.path;
+        default = [ ];
+      };
       fullName = mkOption {
         description = "User full name";
         type = types.nullOr types.str;
diff --git a/profiles/base-user/default.nix b/profiles/base-user/default.nix
index ec8145a9..44089bec 100644
--- a/profiles/base-user/default.nix
+++ b/profiles/base-user/default.nix
@@ -19,6 +19,7 @@ in
       extraGroups = [ "wheel" "docker" "input" "audio" "video" "networkmanager" "lp" "scanner" ];
       initialHashedPassword = if psCfg.user.password != null then psCfg.user.password else "";
       shell = pkgs.zsh;
+      openssh.authorizedKeys.keyFiles = if psCfg.user.publicKeys != null then psCfg.user.publicKeys else [];
     };
   };
 }