diff --git a/hosts/deertopia/configuration.nix b/hosts/deertopia/configuration.nix
index c49cde4..b1577ac 100644
--- a/hosts/deertopia/configuration.nix
+++ b/hosts/deertopia/configuration.nix
@@ -105,16 +105,9 @@
     (import ../../scripts/vpn-tools { inherit pkgs; })
   ];
 
-  services.openssh = {
-    enable = true;
-    settings = {
-      PermitRootLogin = "yes";
-      X11Forwarding = true;
-      # This server is connected to the internet!  Port 22 is open!!
-      # Aagghhhh!!!  Stay safe!
-      PasswordAuthentication = false;
-    };
-  };
+  # This server is connected to the internet!  Port 22 is open!!  Aagghhhh!!!
+  # Stay safe!
+  services.openssh.settings.PasswordAuthentication = false;
 
   # This option defines the first version of NixOS you have installed on this
   # particular machine, and is used to maintain compatibility with application
diff --git a/hosts/fruitbook/configuration.nix b/hosts/fruitbook/configuration.nix
index e31bad0..4b775c8 100644
--- a/hosts/fruitbook/configuration.nix
+++ b/hosts/fruitbook/configuration.nix
@@ -14,6 +14,8 @@
     steam.enable = true;
     bluetooth.enable = true;
     sddm.enable = true;
+    openssh.enable = true;
+
     users.users = [
       "crumb"
       "msyds"
@@ -96,12 +98,6 @@
 
   services.flatpak.enable = true;
 
-  services.openssh = {
-    enable = true;
-    settings.PermitRootLogin = "yes";
-    settings.X11Forwarding = true;
-  };
-
    security.pki.certificateFiles = [
      ../../public-keys/lolc.at.crt
    ];
diff --git a/hosts/sydpc/configuration.nix b/hosts/sydpc/configuration.nix
index c686d19..b60106c 100644
--- a/hosts/sydpc/configuration.nix
+++ b/hosts/sydpc/configuration.nix
@@ -121,12 +121,6 @@
     pkgs.cachix
   ];
 
-  services.openssh = {
-    enable = true;
-    settings.PermitRootLogin = "yes";
-    settings.X11Forwarding = true;
-  };
-
    security.pki.certificateFiles = [
      ../../public-keys/lolc.at.crt
    ];
diff --git a/modules/nixos/openssh.nix b/modules/nixos/openssh.nix
new file mode 100644
index 0000000..87b197e
--- /dev/null
+++ b/modules/nixos/openssh.nix
@@ -0,0 +1,16 @@
+{ config, lib, pkgs, ... }:
+
+let cfg = config.sydnix.openssh;
+in {
+  options.sydnix.openssh = {
+    enable = lib.mkEnableOption "OpenSSH server";
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.openssh = {
+      enable = true;
+      settings.PermitRootLogin = "yes";
+      settings.X11Forwarding = true;
+    };
+  };
+}