diff --git a/README.md b/README.md
index 7f754d6..74bafbd 100644
--- a/README.md
+++ b/README.md
@@ -7,6 +7,7 @@
 - [Synopsis](#synopsis)
 - [WARNING](#warning)
 - [Features](#features)
+ - [Adding custom configurations](#adding-custom-configurations)
 - [Support](#support)
 - [Parameter Inheritance](#parameter-inheritance)
 - [Module Deployment](#module-deployment)
@@ -29,7 +30,29 @@
 - manage service
 - (optional) manage firewall
-> ToDo: Define for custom drop-in configurations
+## Adding custom configurations
+
+Custom configuration files live in `/etc/ssh/sshd_config.d/`. IN order to create a custom config file, add a stanza like this in your control repo:
+
+```puppet
+confdroid_ssh::custom::custom_config { '30-my-custom-rule':
+ config_name => '30-custom-rule',
+ config_content => ['PasswordAuthentication no'],
+}
+```
+
+This will create a file /etc/ssh/sshd_config.d/30-custom-rule.conf with this content:
+
+```puppet
+###############################################################################
+##### DO NOT EDIT THIS FILE MANUALLY #
+##### This file is managed by Puppet. Any changes to this file will be #
+##### overwritten. Update the Puppet define input instead. #
+###############################################################################
+PasswordAuthentication no
+```
+
+Note that the value for config_content **has to be an array**, even if only one key pair is in there. This field is designed to hold multiple values, which create one line in the config file each.
 ## Support
diff --git a/manifests/custom/custom_config.pp b/manifests/custom/custom_config.pp
index db514a8..aaf4a3a 100644
--- a/manifests/custom/custom_config.pp
+++ b/manifests/custom/custom_config.pp
@@ -6,6 +6,13 @@
 # (without .conf extension)
 # @param [Array[String]] config_content array of configuration lines to
 # include in the custom config
+# @example
+# confdroid_ssh::custom::custom_config { '50-test':
+# config_name => '50-test',
+# config_content => ['PasswordAuthentication no'],
+# }
+# this will create a file called /etc/ssh/sshd_config.d/50-test.conf with the content:
+# PasswordAuthentication no and notify the sshd service to reload the configuration
 ##############################################################################
 define confdroid_ssh::custom::custom_config (
@@ -17,11 +24,10 @@ define confdroid_ssh::custom::custom_config (
 $sshd_service = $confdroid_ssh::params::sshd_service
 $custom_config_erb = 'confdroid_ssh/custom_config.erb'
 $config_basename = regsubst($config_name, '\\.conf$', '')
- $config_file = "${config_basename}.conf"
+ $config_file = "${config_name}.conf"
 file { "${sshd_custom_path}/${config_file}":
 ensure => file,
- content => template($custom_config_erb),
 owner => 'root',
 group => 'root',
 mode => '0600',
@@ -29,6 +35,7 @@ define confdroid_ssh::custom::custom_config (
 selrole => object_r,
 seltype => etc_t,
 seluser => system_u,
+ content => template($custom_config_erb),
 notify => Service[$sshd_service],
 }
 }
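Review bot: The new `@example` block in the first hunk has no title, its resource body is not indented under the tag, and it ends with an explanatory sentence, so puppet-strings will render that sentence as part of the code sample. Give the tag a title and indent the code, e.g. `# @example Drop-in that disables password authentication` followed by the indented `confdroid_ssh::custom::custom_config { '50-test': … }` lines, and move the "this will create … and notify the sshd service" sentence into the define's description above the `@param` tags. The define's parameter list continues beyond the hunk.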
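Review bot: In the second hunk `$config_file` is now built straight from `$config_name` and interpolated into the resource title `"${sshd_custom_path}/${config_file}"`, so a caller passing a name containing `/` or `..` (for example `'../sshd_config'`) makes this define write a root-owned, Puppet-managed file outside `sshd_config.d` and then reload sshd; the parameter's declared type is outside the hunk, but nothing visible constrains it. Restrict the name to a plain basename, e.g. `Pattern[/\A[A-Za-z0-9][A-Za-z0-9_.-]*\z/] $config_name` in the parameter list, or an `assert_type` at the top of the body. The change also leaves `$config_basename = regsubst($config_name, '\\.conf$', '')` unused: either drop that line or keep using it, otherwise `config_name => '30-rule.conf'` yields `30-rule.conf.conf`. Because the file notifies `Service[$sshd_service]`, consider adding `validate_cmd => '/usr/sbin/sshd -t -f %',` to the resource so a malformed directive is rejected before sshd is reloaded. The define and the `file` resource both extend beyond this hunk.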