diff --git a/modules/hosts/test-nix.nix b/modules/hosts/test-nix.nix index ab19591..75113a9 100644 --- a/modules/hosts/test-nix.nix +++ b/modules/hosts/test-nix.nix @@ -19,6 +19,7 @@ in inputs.home-manager.nixosModules.home-manager nixos."${username}" nixos.lxc + nixos.sudo nixos.zsh nixos.docker { @@ -27,6 +28,9 @@ in }; home-manager.users."${username}" = { + imports = with inputs.self.modules.homeManager; [ + step-client + ]; shell.program = "zsh"; docker.enable = true; ssh.matchSets = { diff --git a/modules/nixos/lxc.nix b/modules/nixos/lxc.nix index fb05a35..1cd339f 100644 --- a/modules/nixos/lxc.nix +++ b/modules/nixos/lxc.nix @@ -9,7 +9,7 @@ nix.settings.experimental-features = [ "nix-command" "flakes" ]; environment.systemPackages = with pkgs; [ git zsh ]; - security.sudo-rs.enable = true; + # security.sudo-rs.enable = true; programs.nix-ld.enable = true; nix.optimise.automatic = true; nix.gc = { diff --git a/modules/programs/step-client.nix b/modules/programs/step-client.nix new file mode 100644 index 0000000..dbbc200 --- /dev/null +++ b/modules/programs/step-client.nix @@ -0,0 +1,12 @@ +{ inputs, ... }: +{ + flake.modules.homeManager.step-client = { pkgs, ... }: { + home.packages = with pkgs; [ + step-cli + (writeShellScriptBin "check-ssh" '' + set -euo pipefail + bash <(curl -sL https://gitea.john-stream.com/john/janus/raw/branch/main/scripts/ssh-server-check.sh) + '') + ]; + }; +} diff --git a/modules/programs/sudo.nix b/modules/programs/sudo.nix new file mode 100644 index 0000000..ecbbe54 --- /dev/null +++ b/modules/programs/sudo.nix 
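Review bot: In modules/nixos/lxc.nix the `security.sudo-rs.enable` line is commented out rather than removed, and no reason is recorded. As far as this diff shows, a host that imports `nixos.lxc` without also importing the new `nixos.sudo` module no longer gets a sudo implementation from this module, so the dependency between the two is now implicit. Either delete the line or replace it with a comment such as `# sudo is configured by nixos.sudo (modules/programs/sudo.nix); sudo-rs dropped because <reason>`. The module body continues outside the hunk.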
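Review bot: The `check-ssh` wrapper in modules/programs/step-client.nix downloads a script from the `main` branch at run time and executes it, so what runs is whatever that URL serves at that moment: it is not pinned, not hashed and not part of the flake's closure. `set -euo pipefail` does not cover this, because a failed or truncated `curl` inside `<( … )` is not seen by the outer shell, and without `-f` an HTTP error page is handed to bash as a script. Fetching the script at build time as a fixed-output derivation pinned to a commit and hash (or vendoring it in this repository and using `builtins.readFile`) means a change to the remote branch or a compromise of the Gitea host cannot change what the command executes. The values in angle brackets below are placeholders, and the `/raw/commit/` URL form should be confirmed against the Gitea instance.

```nix
      (writeShellScriptBin "check-ssh" ''
        set -euo pipefail
        bash ${fetchurl {
          url = "https://gitea.john-stream.com/john/janus/raw/commit/<COMMIT_SHA>/scripts/ssh-server-check.sh";
          hash = "<SRI_HASH>";
        }}
      '')
```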
@@ -0,0 +1,29 @@
+{ inputs, ... }: {
+ flake.modules.nixos.sudo = { pkgs, lib, ... }: {
+ security.sudo = {
+ enable = true;
+ extraRules = [{
+ commands = [
+ {
+ command = "${pkgs.systemd}/bin/systemctl suspend";
+ options = [ "NOPASSWD" ];
+ }
+ {
+ command = "${pkgs.systemd}/bin/reboot";
+ options = [ "NOPASSWD" ];
+ }
+ {
+ command = "${pkgs.systemd}/bin/poweroff";
+ options = [ "NOPASSWD" ];
+ }
+ ];
+ groups = [ "wheel" ];
+ }];
+ extraConfig = with pkgs; ''
+ Defaults:picloud secure_path="${lib.makeBinPath [
+ systemd
+ ]}:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin"
+ '';
+ };
+ };
+}
\ No newline at end of file
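Review bot: The `Defaults:picloud` line in `extraConfig` hard-codes one user name inside a module that is otherwise generic, while the host file in this same commit refers to its user as `${username}`. On a host whose user is not `picloud` the `secure_path` setting silently does not apply, and the reason for giving that one account its own path is not recorded. Consider scoping it to the same principal as the rules, e.g. `Defaults:%wheel secure_path="…"`, or passing the user name in as a module option, and add a comment stating why `/nix/var/nix/profiles/default/bin` needs to be on sudo's path. The three `NOPASSWD` entries also let any process running as a wheel member suspend, reboot or power off the machine without authentication; a one-line comment saying this is intended would help.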