diff --git a/global/auth/default.nix b/global/auth/default.nix
index aaad15f3..45e245fd 100644
--- a/global/auth/default.nix
+++ b/global/auth/default.nix
@@ -7,6 +7,8 @@
     builtins.readDir
     (lib.filterAttrs (n: ty: ty == "regular"))
     (lib.mapAttrsToList (n: _: builtins.readFile ./pub/${n}))
+    (foldr (payload: keys: (splitString "\n" payload) ++ keys) [ ])
+    (foldr (candidate: keys: keys ++ (if candidate == "" then [ ] else [ candidate ])) [ ])
   ];
 in {
   options.global.auth = {
@@ -15,7 +17,7 @@ in {
       enable = mkEnableOption "openssh server";
       password = mkEnableOption "password authentication";
       publicKeys = mkOption {
-        type = with types; listOf str;
+        type = with types; listOf singleLineStr;
         default = pub;
         description = "list of trusted openssh keys";
       };