diff --git a/modules/home-manager/ssh.nix b/modules/home-manager/ssh.nix index 386c06c..a62666c 100644 --- a/modules/home-manager/ssh.nix +++ b/modules/home-manager/ssh.nix @@ -5,18 +5,23 @@ in { flake.homeModules.ssh = { pkgs, config, lib, ... }: { - options = { - sshIdentityFile = lib.mkOption { + options.ssh = { + IdentityFile = lib.mkOption { # Intentionally not using a path type here because that will end up with the private key getting copied into the store type = lib.types.str; default = "${config.home.homeDirectory}/.ssh/id_ed25519"; description = "Path to the SSH identity file."; }; + + matchSets = { + appdaemon = lib.mkEnableOption "Enable AppDaemon SSH targets"; + certs = lib.mkEnableOption "Enable Janus and Soteria SSH targets"; + }; }; # All this stuff has to be wrapped in a config attribute because of the presence of the options here? config = let - identityFile = config.sshIdentityFile; + identityFile = config.ssh.IdentityFile; publicKeyFile = "${identityFile}.pub"; certificateFile = "${identityFile}-cert.pub"; userKnownHostsFile = "${config.home.homeDirectory}/.ssh/known_hosts"; 
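Review bot: `lib.mkEnableOption` already prefixes its argument with "Whether to enable ", so the two `matchSets` descriptions will render as "Whether to enable Enable AppDaemon SSH targets."; pass a noun phrase instead, e.g. `appdaemon = lib.mkEnableOption "AppDaemon SSH targets";` and `certs = lib.mkEnableOption "Janus and Soteria SSH targets";`. The renamed option `IdentityFile` is capitalised while its sibling `matchSets` and the `let` binding `identityFile` are camelCase, so `identityFile` would be the consistent name. Moving `sshIdentityFile` to `ssh.IdentityFile` will break any configuration that still sets the old name; no callers are visible in this diff, but if any exist a `lib.mkRenamedOptionModule` entry would keep them evaluating. The enclosing module body continues outside this hunk.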
@@ -40,33 +45,41 @@ in IdentityAgent ~/.1password/agent.sock ''; - matchBlocks = { - "*" = { - user = "john"; + matchBlocks = lib.mkMerge [ + { + "*" = { + user = "john"; - compression = false; - serverAliveInterval = 0; - serverAliveCountMax = 3; + compression = false; + serverAliveInterval = 0; + serverAliveCountMax = 3; - identitiesOnly = true; - inherit identityFile certificateFile; + identitiesOnly = true; + inherit identityFile certificateFile; - hashKnownHosts = false; - userKnownHostsFile = "${userKnownHostsFile}"; + hashKnownHosts = false; + userKnownHostsFile = "${userKnownHostsFile}"; - addKeysToAgent = "yes"; - forwardAgent = false; - }; - - "janus" = { - hostname = "janus.john-stream.com"; - user = "root"; - }; - "soteria" = { - hostname = "soteria.john-stream.com"; - user = "john"; - }; - }; + addKeysToAgent = "yes"; + forwardAgent = false; + }; + } + (lib.mkIf config.ssh.matchsets.appdaemon { + "appdaemon" = { + hostname = "192.168.1.242"; + }; + }) + (lib.mkIf config.ssh.matchsets.certs { + "janus" = { + hostname = "janus.john-stream.com"; + user = "root"; + }; + "soteria" = { + hostname = "soteria.john-stream.com"; + user = "john"; + }; + }) + ]; }; }; };
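Review bot: Both `lib.mkIf` conditions read `config.ssh.matchsets.…`, but the first hunk declares the option as `matchSets`; Nix attribute names are case-sensitive, so evaluation should fail with a missing-attribute error once `matchBlocks` is forced. Change them to `(lib.mkIf config.ssh.matchSets.appdaemon {` and `(lib.mkIf config.ssh.matchSets.certs {`. Because `mkEnableOption` defaults to false, the `janus` and `soteria` blocks that were unconditional before now disappear unless a host sets `ssh.matchSets.certs = true`, which deserves a comment above the list or a line in the commit message. The new `appdaemon` block sets only `hostname`, so it presumably picks up `user = "john"` and the identity settings from the `"*"` block; a short comment saying that is intended would help the next reader.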