diff --git a/nixos/modules/config/system-path.nix b/nixos/modules/config/system-path.nix
index 42e40e2af5e4..93574ffcb2ea 100644
--- a/nixos/modules/config/system-path.nix
+++ b/nixos/modules/config/system-path.nix
@@ -8,41 +8,47 @@
 }:
 let
 
-  requiredPackages =
-    map (pkg: lib.setPrio ((pkg.meta.priority or lib.meta.defaultPriority) + 3) pkg)
-      [
-        pkgs.acl
-        pkgs.attr
-        pkgs.bashInteractive # bash with ncurses support
-        pkgs.bzip2
-        pkgs.coreutils-full
-        pkgs.cpio
-        pkgs.curl
-        pkgs.diffutils
-        pkgs.findutils
-        pkgs.gawk
-        pkgs.stdenv.cc.libc
-        pkgs.getent
-        pkgs.getconf
-        pkgs.gnugrep
-        pkgs.gnupatch
-        pkgs.gnused
-        pkgs.gnutar
-        pkgs.gzip
-        pkgs.xz
-        pkgs.less
-        pkgs.libcap
-        pkgs.ncurses
-        pkgs.netcat
-        config.programs.ssh.package
-        pkgs.mkpasswd
-        pkgs.procps
-        pkgs.su
-        pkgs.time
-        pkgs.util-linux
-        pkgs.which
-        pkgs.zstd
-      ];
+  corePackageNames = [
+    "acl"
+    "attr"
+    "bashInteractive" # bash with ncurses support
+    "bzip2"
+    "coreutils-full"
+    "cpio"
+    "curl"
+    "diffutils"
+    "findutils"
+    "gawk"
+    "getent"
+    "getconf"
+    "gnugrep"
+    "gnupatch"
+    "gnused"
+    "gnutar"
+    "gzip"
+    "xz"
+    "less"
+    "libcap"
+    "ncurses"
+    "netcat"
+    "mkpasswd"
+    "procps"
+    "su"
+    "time"
+    "util-linux"
+    "which"
+    "zstd"
+  ];
+  corePackages =
+    (map (
+      n:
+      let
+        pkg = pkgs.${n};
+      in
+      lib.setPrio ((pkg.meta.priority or lib.meta.defaultPriority) + 3) pkg
+    ) corePackageNames)
+    ++ [ pkgs.stdenv.cc.libc ];
+  corePackagesText = "[ ${lib.concatMapStringsSep " " (n: "pkgs.${n}") corePackageNames} ]";
 
   defaultPackageNames = [
     "perl"
@@ -80,6 +86,29 @@ in
         '';
       };
 
+      corePackages = lib.mkOption {
+        type = lib.types.listOf lib.types.package;
+        default = corePackages;
+        defaultText = lib.literalMD ''
+          these packages, with their `meta.priority` numerically increased
+          (thus lowering their installation priority):
+
+              ${corePackagesText}
+        '';
+        example = [ ];
+        description = ''
+          Set of core packages for a normal interactive system.
+
+          Only change this if you know what you're doing!
+
+          Like with systemPackages, packages are installed to
+          {file}`/run/current-system/sw`. They are
+          automatically available to all users, and are
+          automatically updated every time you rebuild the system
+          configuration.
+        '';
+      };
+
       defaultPackages = lib.mkOption {
         type = lib.types.listOf lib.types.package;
         default = defaultPackages;
@@ -151,7 +180,7 @@ in
 
   config = {
 
-    environment.systemPackages = requiredPackages ++ config.environment.defaultPackages;
+    environment.systemPackages = config.environment.corePackages ++ config.environment.defaultPackages;
 
     environment.pathsToLink = [
       "/bin"
diff --git a/nixos/modules/programs/ssh.nix b/nixos/modules/programs/ssh.nix
index a950a1c12b12..cbf1800e8e3b 100644
--- a/nixos/modules/programs/ssh.nix
+++ b/nixos/modules/programs/ssh.nix
@@ -335,6 +335,8 @@ in
       }
     );
 
+    environment.corePackages = [ cfg.package ];
+
     # SSH configuration. Slight duplication of the sshd_config
     # generation in the sshd service.
     environment.etc."ssh/ssh_config".text = ''