diff --git a/hosts/hyrule/default.nix b/hosts/hyrule/default.nix
index e8fcd7a..3cc73c2 100755
--- a/hosts/hyrule/default.nix
+++ b/hosts/hyrule/default.nix
@@ -12,7 +12,6 @@ in {
   imports = [
     ./hardware-configuration.nix
     (import "${home-manager}/nixos")
-    #../../flakes/wishlist/wishlist.nix
     #../modules/server/nginx.nix
     #../modules/server/ssh.nix
     #../modules/server/fail2ban.nix
@@ -89,12 +88,8 @@ in {
         ];
       };
 
-      subspace = let
-        # override
-        wishlistBash =
-          pkgs.bash.override {
-          };
-      in {
+      # TODO: reduce security implications of subspace
+      subspace = {
         isNormalUser = true;
         shell = pkgs.bash;
         home = "/home/subspace";
@@ -102,15 +97,6 @@ in {
           wishlist
         ];
       };
-
-      # user for friends to ssh into
-      friends = {
-        isNormalUser = true;
-        shell = pkgs.bash;
-        home = "/home/friends"; # TEMP: remove and replace with home-manager
-        packages = with pkgs; [
-        ];
-      };
     };
   };
 
@@ -196,9 +182,9 @@ in {
       enable = true;
       ports = [22];
       settings = {
-        PasswordAuthentication = true;
+        PasswordAuthentication = false;
         PermitRootLogin = "no";
-        AllowUsers = ["ae" "subspace"]; # allow all users by default
+        AllowUsers = ["ae" "subspace"]; # DO NOT ALLOW ALL
         UseDns = true;
         X11Forwarding = false;
       };