diff --git a/configuration.nix b/configuration.nix
index e85cab7..df7abdb 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -26,12 +26,13 @@
   services.openssh.enable = true;
   users.users.root.openssh.authorizedKeys.keys = [
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMBW7rTtfZL9wtrpCVgariKdpN60/VeAzXkh9w3MwbO julien@enigma"
-    # TODO: add cst1's SSH key
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKrijwPlb7KQkYPLznMPVzPPT69cLzhEsJzZi9tmxzTh cst1@x270"
   ];
 
   security.acme.acceptTerms = true;
   security.acme.defaults.email = "webmaster@nixos.org";
 
+  # TODO: open the right ports
   networking.firewall.allowedTCPPorts = [
     80
     443
diff --git a/flake.nix b/flake.nix
index 964d0b8..e2e7405 100644
--- a/flake.nix
+++ b/flake.nix
@@ -46,7 +46,7 @@
           ];
           extraModules = [ inputs.colmena.nixosModules.deploymentOptions ];
         }
-      ) { hashes = import ./configuration.nix; };
+      ) { photoprism = import ./configuration.nix; };
 
       colmena = {
         meta = {
diff --git a/photoprism.nix b/photoprism.nix
index 7c19648..478d06e 100644
--- a/photoprism.nix
+++ b/photoprism.nix
@@ -10,10 +10,11 @@
       PHOTOPRISM_SITE_CAPTION = "PhotoPrism";
     };
 
-    # TODO: public web address
-    address = "photoprism.what?";
+    originalsPath = "/photoprism/photos";
+    importPath = "/photoprism/imports";
 
-    # TODO: add admin password file (agenix?)
-    passwordFile = "";
+    address = "localhost";
+
+    passwordFile = "/passwords/photoprism";
   };
 }