diff --git a/machines/ap01/_configuration.nix b/machines/ap01/_configuration.nix index 716256d..0284ae0 100644 --- a/machines/ap01/_configuration.nix +++ b/machines/ap01/_configuration.nix @@ -14,11 +14,11 @@ let # inherit (pkgs) writeText; svc = config.system.service; secrets-1 = { - ssid = "Zyxel 2G (N)"; + ssid = "DGNum 2G prototype (N)"; wpa_passphrase = "diamond dogs"; }; secrets-2 = { - ssid = "Zyxel 5G (AX)"; + ssid = "DGNum 5G prototype (AX)"; wpa_passphrase = "diamond dogs"; }; baseParams = { @@ -72,19 +72,20 @@ rec { "${modulesPath}/ntp" "${modulesPath}/vlan" "${modulesPath}/bridge" + ../../modules/dgn-access-control.nix + # TODO: god that's so a fucking hack. + (import "${modulesPath}/../devices/zyxel-nwa50ax").module ]; - hostname = "zyxel"; + hostname = "ap01-prototype"; + # SSH keys are handled by the access control module. + dgn-access-control.enable = true; users.root = { # EDIT: choose a root password and then use # "mkpasswd -m sha512crypt" to determine the hash. # It should start wirh $6$. - passwd = "$y$j9T$f8GhLiqYmr3lc58eKhgyD0$z7P/7S9u.kq/cANZExxhS98bze/6i7aBxU6tbl7RMi."; - openssh.authorizedKeys.keys = [ - # EDIT: you can add your ssh pubkey here - # "ssh-rsa AAAAB3NzaC1....H6hKd user@example.com"; - ]; + passwd = "$6$jVXFFOp8HBYmgINR$lutB4kvw.W1jlXRby9ZYAgBitQ32RxQdYAGN.s2x4ris8J07vM6tzlRBQoeLELOIEMClDzbciQV0itfHQnTqd1"; }; services.int = svc.bridge.primary.build { ifname = "int"; }; diff --git a/meta/nodes.nix b/meta/nodes.nix index 2773af3..d538a1b 100644 --- a/meta/nodes.nix +++ b/meta/nodes.nix @@ -90,6 +90,7 @@ # Access points definition ap01 = { site = "unknown"; + adminGroups = [ "fai" ]; system = "zyxel-nwa50ax"; }; diff --git a/meta/organization.nix b/meta/organization.nix index cf5eab5..b8248b8 100644 --- a/meta/organization.nix +++ b/meta/organization.nix @@ -87,6 +87,12 @@ "fai" ]; + # AP administration DGNum + ap.adminGroups = [ + "root" + "fai" + ]; + # Videos DGNum peertube.admins = [ "thubrecht" ]; }; 
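Review bot: The added `passwd = "$6$jVXF…"` line in `users.root` (second hunk of `machines/ap01/_configuration.nix`) commits a sha512crypt root hash to the repository, so anyone with read access can run offline guessing against it. It also replaces a yescrypt hash, which was more expensive to attack. If the `$6$` format is forced by what the device's crypt implementation supports (the EDIT comment points that way, but nothing visible confirms it), the password needs to be long and random. Since `dgn-access-control.enable = true` now supplies the SSH keys, say next to the hash what the password is still for, e.g. `# serial-console recovery only; SSH access uses keys from dgn-access-control`. The first hunk has the same problem in its context: `wpa_passphrase = "diamond dogs"` stays in clear while the SSIDs are renamed to the organisation's name, so it should move out of the repository along with the hash.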
diff --git a/modules/dgn-access-control.nix b/modules/dgn-access-control.nix index 375ea9c..28bd7db 100644 --- a/modules/dgn-access-control.nix +++ b/modules/dgn-access-control.nix @@ -44,6 +44,7 @@ let mkDefault mkEnableOption mkIf + mkMerge mkOption types @@ -78,12 +79,20 @@ in }; }; - config = mkIf cfg.enable { - # Admins have root access to the node - dgn-access-control.users.root = mkDefault admins; - - users.users = builtins.mapAttrs (_: members: { - openssh.authorizedKeys.keys = lib.extra.getAllKeys members; - }) cfg.users; - }; + config = mkIf cfg.enable (mkMerge [ + { + # Admins have root access to the node + dgn-access-control.users.root = mkDefault admins; + } + (mkIf (nodeMeta.system == "nixos") { + users.users = builtins.mapAttrs (_: members: { + openssh.authorizedKeys.keys = lib.extra.getAllKeys members; + }) cfg.users; + }) + (mkIf (nodeMeta.system == "zyxel-nwa50ax") { + users = builtins.mapAttrs (_: members: { + openssh.authorizedKeys.keys = lib.extra.getAllKeys members; + }) cfg.users; + }) + ]); }
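Review bot: The two `mkIf (nodeMeta.system == …)` branches in the second hunk still define both option paths on every node, because `mkIf` gates the value and not the option-existence check. As far as I know the NixOS module system rejects `users.<name>.openssh…` as an undeclared option even when the condition is false; whether the Liminix side tolerates `users.users` cannot be seen from this hunk. If `nodeMeta` is a module argument rather than something derived from `config`, `lib.optionalAttrs` avoids this: `(lib.optionalAttrs (nodeMeta.system == "nixos") { users.users = keysByUser; })` and `(lib.optionalAttrs (nodeMeta.system == "zyxel-nwa50ax") { users = keysByUser; })`. Binding `keysByUser = builtins.mapAttrs (_: members: { openssh.authorizedKeys.keys = lib.extra.getAllKeys members; }) cfg.users;` once in the `let` also removes the duplicated body. A node whose `system` matches neither string ends up with `enable = true` and no authorized keys, with no error, so a final branch that fails evaluation for an unknown system would make that case visible.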