diff --git a/nixos/configurations/Tytonidae/default.nix b/nixos/configurations/Tytonidae/default.nix
index d9eae92..a9c83a1 100644
--- a/nixos/configurations/Tytonidae/default.nix
+++ b/nixos/configurations/Tytonidae/default.nix
@@ -8,7 +8,6 @@
 ./i18n.nix
 ./gui.nix
 ./users
- ./openssh.nix
 ./kvm.nix
 ./nh.nix
 ./steam.nix
@@ -26,6 +25,7 @@
 };
 programs = {
 dae.enable = true;
+ openssh.enable = true;
 };
 };
@@ -50,7 +50,6 @@
 element-desktop
 discord-ptb
- asusctl
 vlc
 btop
 handbrake
@@ -61,12 +60,6 @@
 environment.variables.EDITOR = "hx";
- nixpkgs = {
- config = {
- allowUnfree = true;
- };
- };
-
 boot = {
 kernelPackages = pkgs.linuxPackages_zen;
 loader.systemd-boot.enable = true;
diff --git a/nixos/configurations/Tytonidae/openssh.nix b/nixos/configurations/Tytonidae/openssh.nix
deleted file mode 100644
index 9a20b0f..0000000
--- a/nixos/configurations/Tytonidae/openssh.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{ ... }:
-{
- services.openssh = {
- enable = true;
- settings = {
- PasswordAuthentication = false;
- KbdInteractiveAuthentication = false;
- X11Forwarding = true;
- PermitRootLogin = "no";
- LogLevel = "VERBOSE";
- Macs = [
- "hmac-sha2-512-etm@openssh.com"
- "hmac-sha2-256-etm@openssh.com"
- "umac-128-etm@openssh.com"
- "hmac-sha2-512"
- "hmac-sha2-256"
- "umac-128@openssh.com"
- ];
- Ciphers = [
- "chacha20-poly1305@openssh.com"
- "aes256-gcm@openssh.com"
- "aes128-gcm@openssh.com"
- "aes256-ctr"
- "aes192-ctr"
- "aes128-ctr"
- ];
- KexAlgorithms = [
- "curve25519-sha256@libssh.org"
- "ecdh-sha2-nistp521"
- "ecdh-sha2-nistp384"
- "ecdh-sha2-nistp256"
- "diffie-hellman-group-exchange-sha256"
- ];
- };
- ports = [ 3022 ];
- };
-}
diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix
index f61187f..e65e5d6 100644
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@@ -18,6 +18,7 @@
 ./home.nix
 ./sops.nix
 ./dae
+ ./openssh.nix
 ];
 config = {
diff --git a/nixos/modules/nix.nix b/nixos/modules/nix.nix
index 127cb66..b33c101 100644
--- a/nixos/modules/nix.nix
+++ b/nixos/modules/nix.nix
@@ -7,6 +7,11 @@
 }:
 {
 config = {
+ nixpkgs = {
+ config = {
+ allowUnfree = true;
+ };
+ };
 nix = {
 nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
 settings = {
diff --git a/nixos/modules/openssh.nix b/nixos/modules/openssh.nix
new file mode 100644
index 0000000..50dd803
--- /dev/null
+++ b/nixos/modules/openssh.nix
@@ -0,0 +1,47 @@
+{ config, lib, ... }:
+let
+ cfg = config.youthlic.programs.openssh;
+in
+{
+ options = {
+ youthlic.programs.openssh = {
+ enable = lib.mkEnableOption "openssh";
+ };
+ };
+ config = lib.mkIf cfg.enable {
+ services.openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ X11Forwarding = true;
+ PermitRootLogin = "no";
+ LogLevel = "VERBOSE";
+ Macs = [
+ "hmac-sha2-512-etm@openssh.com"
+ "hmac-sha2-256-etm@openssh.com"
+ "umac-128-etm@openssh.com"
+ "hmac-sha2-512"
+ "hmac-sha2-256"
+ "umac-128@openssh.com"
+ ];
+ Ciphers = [
+ "chacha20-poly1305@openssh.com"
+ "aes256-gcm@openssh.com"
+ "aes128-gcm@openssh.com"
+ "aes256-ctr"
+ "aes192-ctr"
+ "aes128-ctr"
+ ];
+ KexAlgorithms = [
+ "curve25519-sha256@libssh.org"
+ "ecdh-sha2-nistp521"
+ "ecdh-sha2-nistp384"
+ "ecdh-sha2-nistp256"
+ "diffie-hellman-group-exchange-sha256"
+ ];
+ };
+ ports = [ 3022 ];
+ };
+ };
+}
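Review bot: `allowUnfree = true` now sits in the unconditional `config` block of the shared `nixos/modules/nix.nix`, so every configuration that imports this module accepts any unfree package, where before the setting lived only in the Tytonidae host file. Unfree packages are frequently binary-only and cannot be rebuilt or audited from source, so a blanket allow widens the supply-chain surface without anyone opting in per host. A named allowlist keeps that exposure explicit, for example `allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "<unfree-package-name>" ];` with the placeholder replaced by the packages actually used. The module's argument list starts outside the hunk, so `lib` may need to be added to it.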
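Review bot: `X11Forwarding = true` is carried over unchanged into a shared module, so every host that sets `youthlic.programs.openssh.enable` gets X11 forwarding switched on, where sshd's own default is off. Hosts that never serve remote GUI sessions are better off with `X11Forwarding = lib.mkDefault false;` here, and the one machine that needs it can override the value. The `Macs` list also keeps the non-ETM fallbacks `hmac-sha2-512`, `hmac-sha2-256` and `umac-128@openssh.com` after the `-etm` variants; dropping them would leave only encrypt-then-MAC modes negotiable. Since the port is fixed at 3022 with no option to change it, a short comment above `services.openssh` such as `# key-only auth, no root login, listens on 3022` would tell other hosts what enabling the module implies.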