diff --git a/flake.nix b/flake.nix
index 5596e44..58752d3 100644
--- a/flake.nix
+++ b/flake.nix
@@ -52,15 +52,12 @@
 
         bengal = { };
         ocelot = { };
+        iso = { };
       };
 
-      nixosConfigurations = {
-        test = nixpkgs.lib.nixosSystem {
-          system = "x86_64-linux";
-          specialArgs = { inherit inputs outputs; };
-          modules = [ ./hosts/test-vm ./hosts/common (import "${home-manager}/nixos") ];
-        };
-      } // colmenaHive.nodes;
+      nixosConfigurations = { } // colmenaHive.nodes;
+
+      packages.x86_64-linux.iso = self.nixosConfigurations.iso.config.system.build.isoImage;
 
       homeConfigurations =
         let
diff --git a/hosts/iso/default.nix b/hosts/iso/default.nix
new file mode 100644
index 0000000..076419a
--- /dev/null
+++ b/hosts/iso/default.nix
@@ -0,0 +1,30 @@
+{ modulesPath, pkgs, ... }:
+{
+  imports = [
+    "${modulesPath}/installer/cd-dvd/installation-cd-graphical-plasma5.nix"
+  ];
+
+  # Enables copy / paste when running in a KVM with spice.
+  services.spice-vdagentd.enable = true;
+
+  users.users.nixos.shell = pkgs.fish;
+  programs.fish.enable = true;
+
+  environment.systemPackages = with pkgs; [
+    mkpasswd
+    nixpkgs-fmt
+    neovim-unwrapped
+    xclip
+  ];
+
+  home-manager.users.nixos = {
+    imports = [
+      ../../modules/home/foot.nix
+    ];
+    home.stateVersion = "23.11";
+
+  };
+  # Use faster squashfs compression
+  isoImage.squashfsCompression = "gzip -Xcompression-level 1";
+}
+
diff --git a/profiles/base/default.nix b/profiles/base/default.nix
index 23687a1..904b40f 100644
--- a/profiles/base/default.nix
+++ b/profiles/base/default.nix
@@ -42,7 +42,7 @@
       StreamLocalBindUnlink yes
     '';
     settings = {
-      PermitRootLogin = "no";
+      PermitRootLogin = lib.mkOverride 999 "no";
       PasswordAuthentication = false;
       Macs = [
         "hmac-sha2-512"