diff --git a/deployment/data-model-test.nix b/deployment/data-model-test.nix
index cc9b83fa..9163eafb 100644
--- a/deployment/data-model-test.nix
+++ b/deployment/data-model-test.nix
@@ -17,12 +17,20 @@ in
     expr =
       let
         example = eval {
-          runtime-configurations.nixos =
+          runtime-configurations.single-ssh-host =
             { ... }:
             {
               system.stateVersion = "25.05";
             };
-          runtime-environments.bar.nixos = { };
+          runtime-environments.bar = {
+            single-ssh-host = {
+              ssh = {
+                host = "localhost";
+                username = "root";
+                authentication.password = "";
+              };
+            };
+          };
           applications.foo = {
             module =
               { pkgs, ... }:
@@ -35,8 +43,8 @@ in
         };
       in
       {
-        has-runtime-configuration = lib.isAttrs example.runtime-configurations.nixos;
-        has-runtime-environment = lib.isAttrs example.runtime-environments.bar.nixos.module;
+        has-runtime-configuration = lib.isAttrs example.runtime-configurations.single-ssh-host;
+        has-runtime-environment = lib.isAttrs example.runtime-environments.bar.single-ssh-host.module;
         has-application = lib.isAttrs example.applications.foo.module;
       };
     expected = {
diff --git a/deployment/data-model.nix b/deployment/data-model.nix
index b6e11a17..e0ed15c2 100644
--- a/deployment/data-model.nix
+++ b/deployment/data-model.nix
@@ -15,8 +15,10 @@ let
     attrTag
     deferredModule
     mergeTypes
+    nullOr
     submoduleWith
     submodule
+    str
     ;
   runtime-configuration = mkOption {
     description = "The NixOS module of a run-time environment";
@@ -45,9 +47,49 @@ let
         )
       )
       {
-        nixos = {
-          description = "A NixOS instance to deploy to.";
+        vm = {
+          description = "A VM to deploy to.";
           type = submodule {
+            options = {
+            };
+          };
+        };
+        single-ssh-host = {
+          description = "A single host to deploy to by SSH.";
+          type = submodule {
+            options = {
+              ssh = mkOption {
+                description = "SSH connection info";
+                type = submodule {
+                  options = {
+                    host = mkOption {
+                      description = "the host to access by SSH";
+                      type = str;
+                    };
+                    username = mkOption {
+                      description = "the SSH user to use";
+                      type = nullOr str;
+                      default = null;
+                    };
+                    authentication = mkOption {
+                      description = "authentication method";
+                      type = attrsOf (attrTag {
+                        private-key = mkOption {
+                          description = "path to the user's SSH private key";
+                          type = str;
+                          example = "/root/.ssh/id_ed25519";
+                        };
+                        password = mkOption {
+                          description = "SSH password";
+                          # TODO: mark as sensitive
+                          type = str;
+                        };
+                      });
+                    };
+                  };
+                };
+              };
+            };
           };
         };
       }