diff --git a/infra/machines/fedi201/fedipanel.nix b/infra/machines/fedi201/fedipanel.nix
index e713f892..3559eb91 100644
--- a/infra/machines/fedi201/fedipanel.nix
+++ b/infra/machines/fedi201/fedipanel.nix
@@ -55,9 +55,9 @@ in
 COMPRESS_OFFLINE = true;
 LIBSASS_OUTPUT_STYLE = "compressed";
 };
- # environment = {
- # SSH_PRIVATE_KEY_FILE = config.age.secrets.panel-ssh-key.path;
- # };
+ environment = {
+ SSH_PRIVATE_KEY_FILE = config.age.secrets.panel-ssh-key.path;
+ };
 secrets = {
 SECRET_KEY = config.age.secrets.panel-secret-key.path;
 };
diff --git a/panel/nix/configuration.nix b/panel/nix/configuration.nix
index 24426a96..726446ed 100644
--- a/panel/nix/configuration.nix
+++ b/panel/nix/configuration.nix
@@ -130,6 +130,10 @@ in
 Contents will be appended to the definitions in `settings`.
 '';
 };
+ environment = mkOption {
+ type = types.attrs;
+ default = {};
+ };
 secrets = mkOption {
 type = types.attrsOf types.path;
 default = { };
@@ -208,7 +212,7 @@ in
 # - manipulation should be straightforward in both places; e.g. dumping secrets to a directory that is not git-tracked and adding values to an attrset otherwise
 # - error detection and correction; it should be clear where and why one messed up so it can be fixed immediately
 # We may also want to test the development environment in CI in order to make sure that we don't break it inadvertently, because misconfiguration due to multiplpe sources of truth wastes a lot of time.
- inherit environment;
+ environment = environment // cfg.environment;
 };
 
 networking.firewall.allowedTCPPorts = [
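Review bot: The re-enabled `SSH_PRIVATE_KEY_FILE` entry in infra/machines/fedi201/fedipanel.nix passes a path to the decrypted agenix secret, but nothing in this hunk shows that the panel's service user can read that file or that no other account can. agenix decrypts secrets as root-owned with mode 0400 unless `owner`/`mode` are set, so the `age.secrets.panel-ssh-key` declaration (outside this hunk) needs an `owner` matching the panel's service user if that user is not root. I would add a comment above the block: `# path only, the key never enters the Nix store; age.secrets.panel-ssh-key must be owned by the panel service user with mode 0400`. The web panel now holds an SSH key, so the reach of that key on the target hosts sets the blast radius of a panel compromise and is worth stating next to the secret's declaration.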
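Review bot: The new `environment` option in panel/nix/configuration.nix has no `description`, and `types.attrs` accepts arbitrary values and does not merge definitions from several modules, which is why nixpkgs discourages it. Values set here presumably end up in the service's unit environment, which is written to the world-readable Nix store, so the description should say that secret values do not belong here and that only paths to secret files do. I would use `type = types.attrsOf types.str;` (the agenix path from the first hunk should still type-check, since it is a string) and add a `description` stating that the variables are stored in plain text and that secrets go through `secrets` or a file path. Writing `default = { };` would also match the formatting of the neighbouring `secrets` option.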
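Review bot: In `environment = environment // cfg.environment;` the right-hand operand wins on key collisions, so a host configuration can silently replace any variable the module computes itself in the `environment` binding, which is defined outside this hunk. If that precedence is intended, document it on the line, e.g. `# cfg.environment overrides module-computed variables`. If it is not, an assertion that `builtins.intersectAttrs environment cfg.environment == { }` turns a collision into an evaluation error rather than a quietly misconfigured service. That fits the comment just above about errors being visible where they are made.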