diff --git a/features/user-matej.nix b/features/user-matej.nix
index ab0065f..47b0bf9 100644
--- a/features/user-matej.nix
+++ b/features/user-matej.nix
@@ -12,6 +12,8 @@ in
   nixos =
     { pkgs, ... }:
     {
+      programs.zsh.enable = true;
+
       users.users.matej = {
         uid = 1000;
         isNormalUser = true;
diff --git a/flake/hosts.nix b/flake/hosts.nix
index c6332b9..e50556d 100644
--- a/flake/hosts.nix
+++ b/flake/hosts.nix
@@ -67,6 +67,7 @@ in
     # nixos-rebuild build-image --image-variant install-iso --flake .#iso
     iso = mkHost "iso" {
       system = "x86_64-linux";
+      user = "matej";
       features = [
         "openssh"
       ];
diff --git a/hosts/iso/configuration.nix b/hosts/iso/configuration.nix
index ff94e9c..5639516 100644
--- a/hosts/iso/configuration.nix
+++ b/hosts/iso/configuration.nix
@@ -1,32 +1,11 @@
-{
-  userKeys,
-  ...
-}:
-{
+_: {
   image.modules.iso-installer = {
     isoImage.squashfsCompression = "zstd -Xcompression-level 6";
   };
 
-  networking.firewall.allowedTCPPorts = [ 22 ];
-
-  users = {
-    groups.matej = {
-      gid = 1000;
-    };
-    users.matej = {
-      group = "matej";
-      uid = 1000;
-      isNormalUser = true;
-      home = "/home/matej";
-      createHome = true;
-      password = "burek123";
-      extraGroups = [
-        "wheel"
-        "users"
-      ];
-      openssh.authorizedKeys.keys = userKeys.sshAuthorizedKeys or [ ];
-    };
-  };
+  # live iso: passwordless login and sudo
+  users.users.matej.initialHashedPassword = "";
+  security.sudo.wheelNeedsPassword = false;
 
   system.stateVersion = "25.05";
 }