diff --git a/bundles/icinga2/files/icinga2/users.conf b/bundles/icinga2/files/icinga2/users.conf
index 0a05dc3..cf5a55e 100644
--- a/bundles/icinga2/files/icinga2/users.conf
+++ b/bundles/icinga2/files/icinga2/users.conf
@@ -2,13 +2,20 @@ object UserGroup "on-call_sms" {
     display_name = "On-Call Support"
 }
 
-% for username in sorted(node.metadata.get('icinga2', {}).get('icinga_users', {})):
+% for username, config in sorted(node.metadata.get('icinga2', {}).get('icinga_users', {}).items()):
 object User "${username}" {
   display_name = "${username}"
   enable_notifications = true
-  period = "24x7"  # Is overwritten in notifications.conf
+  period = "24x7"
   states = [ OK, Critical, Up, Down ]
   types = [ Problem, Recovery ]
+
+% if config['is_admin']:
+  groups = [ "on-call_sms" ]
+% endif
+
+  email = "${config['email']}"
+  vars.mobile = "${config['phone']}"
 }
 
 % endfor
diff --git a/bundles/icinga2/metadata.py b/bundles/icinga2/metadata.py
index 06ea36c..2378a9c 100644
--- a/bundles/icinga2/metadata.py
+++ b/bundles/icinga2/metadata.py
@@ -1,3 +1,6 @@
+from json import loads
+from os.path import join
+
 defaults = {
     'apt': {
         'repos': {
@@ -46,3 +49,27 @@ defaults = {
         },
     },
 }
+
+@metadata_reactor
+def add_users_from_json(metadata):
+    with open(join(repo.path, 'users.json'), 'r') as f:
+        json = loads(f.read())
+
+    users = {}
+    for uname, config in json.items():
+        users[uname] = {
+            'email': '',
+            'phone': '',
+            'is_admin': config.get('is_admin', False),
+        }
+
+        if 'email' in config:
+            users[uname]['email'] = repo.vault.decrypt(config['email'])
+        if 'phone' in config:
+            users[uname]['phone'] = repo.vault.decrypt(config['phone'])
+
+    return {
+        'icinga2': {
+            'icinga_users': users,
+        },
+    }
diff --git a/nodes/ovh/icinga2.py b/nodes/ovh/icinga2.py
index d24971b..86de8ae 100644
--- a/nodes/ovh/icinga2.py
+++ b/nodes/ovh/icinga2.py
@@ -26,11 +26,6 @@ nodes['ovh.icinga2'] = {
                 'php-imagick': {},
             },
         },
-        'icinga2': {
-            'icinga_users': {
-                'kunsi',
-            },
-        },
         'nginx': {
             'vhosts': {
                 'icingaweb': {
diff --git a/users.json b/users.json
index 08ffcf5..15b96c9 100644
--- a/users.json
+++ b/users.json
@@ -3,6 +3,8 @@
         "ssh_pubkey": [
             "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC+ja1z5VRQzaKCCePsUM14qMr9QR94qlWc7Je5Poki9UmC1t/TyxRVzcCBL1ZdIfBGx6QKtfkEbvhgb3nxVt3PvXjoJrc6wwGLmNrVsU6B88y35g7nzupQiPKYJwkNzJ9j6Dmkgj1F5Q+aY2SitDaX6vqICLJ4Al/ZFw2IQxVJfC7JXRJ9jRMG5o9gWoE3gWDYEAmw+HU2mNzyeuaD12qJw9DHUimAlgkOWzll3gh9WclsYnnXGrCCn5fyHFUCJl+XXAIy519z7YTpKih02rsIOw5dnaGClBZD/YQu2ZKVFZiwIVH7aBiqHOmtgRyWTQgjbh/fMpIN0ar2f/iZsWYUjd6et48TOmXZYIPCQ5FivXNvxt9oo1XZfq76UHBwlmypLJIWROMbz375n2M6hr3hECuxuPjKEUXAv05KiC1aJ4xc6pFoVhqwAR99hvHw5U4o7/ko2NVjNpTu6Jr5DT5VaQLIdDDjC/93kUjMpdD/8P72bEn7454+WexU6OE6uvNiHj1fetrptr2UAuzVfnCoaV8pBqY7X95gk+lnSENdpr8ltJYMg8s0Z7Pzz0OxsZtzzDY5VmWfC9TCdJkN5lT8IbnaixsYlWdjQl1lMmZGElmelfU3K7YQLAbZiHmHKe4hTl9ZoCcWdTQ3d4y2t1DBos+N2HZNdtFCyOS8esDdMw== cardno:000609506971"
         ],
+        "email": "encrypt$gAAAAABfuXj1DQ3yUn0rEdN2koT1hzgHwCwNp00a0KkWoT_FTsild1zIBpfIiI07AmgIZ5FpyhKH5bSdCVLKc0p4rQuxLrLWpw==",
+        "phone": "encrypt$gAAAAABfuXkP2GetSvTd9JJFz4V2v5r5NubihFRg2AB91mtvXpUVUiflzy1VHQJ_qbp6Rke5LEXbtlluNkAa3OOAr_c9L6Pstw==",
         "is_admin": true
     },
     "sophie": {