diff --git a/flake.nix b/flake.nix
index 006d52d..7e6f21a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -477,6 +477,9 @@
 unstable = true;
 minimal = true;
 };
+ optionsDocNixOnDroid = (pkgs.nixosOptionsDoc {
+ inherit (self.nixOnDroidConfigurations.default) options;
+ }).optionsCommonMark;
 sopsConfig = plain.config.vacu.sopsConfigFile;
 sourceTree = plain.config.vacu.sourceTree;
 units = plain.config.vacu.units.finalPackage;
diff --git a/nix-on-droid/sshd.nix b/nix-on-droid/sshd.nix
index 8a2a86a..0010123 100644
--- a/nix-on-droid/sshd.nix
+++ b/nix-on-droid/sshd.nix
@@ -532,6 +532,27 @@ in
 '')}
 '';
+ vacu.packages = [ (pkgs.writeScriptBin "run-sshd" ''
+ ${lib.flip lib.concatMapStrings cfg.hostKeys (k: ''
+ if ! [ -s "${k.path}" ]; then
+ if ! [ -h "${k.path}" ]; then
+ rm -f "${k.path}"
+ fi
+ mkdir -p "$(dirname '${k.path}')"
+ chmod 0755 "$(dirname '${k.path}')"
+ ssh-keygen \
+ -t "${k.type}" \
+ ${lib.optionalString (k ? bits) "-b ${toString k.bits}"} \
+ ${lib.optionalString (k ? rounds) "-a ${toString k.rounds}"} \
+ ${lib.optionalString (k ? comment) "-C '${k.comment}'"} \
+ ${lib.optionalString (k ? openSSHFormat && k.openSSHFormat) "-o"} \
+ -f "${k.path}" \
+ -N ""
+ fi
+ '')}
+ exec ${cfg.package}/bin/sshd -D -f /etc/ssh/sshd_config "$@"
+ '') ];
+ vacu.checks = [ (pkgs.runCommand "check-sshd-config" {
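Review bot: The new `run-sshd` script in nix-on-droid/sshd.nix has no interpreter line and no error handling, because `pkgs.writeScriptBin` writes the text as given and the text starts directly with the host-key loop, so a failed `mkdir` or `ssh-keygen` still falls through to `exec ${cfg.package}/bin/sshd`. I would build it with `pkgs.writeShellScriptBin "run-sshd" ''` and make `set -eu` its first line, so that key generation fails closed. `ssh-keygen` is also resolved from the caller's PATH while sshd is pinned to `${cfg.package}`; writing `${cfg.package}/bin/ssh-keygen \` takes both binaries from the same package. The `-C '${k.comment}'` and `'${k.path}'` interpolations break the script if a value contains a single quote, and `lib.escapeShellArg` would quote them safely. The attribute set that holds `vacu.packages` starts and ends outside the hunk.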