5 files changed, 19 insertions, 8 deletions

diff --git a/hosts/common/system/default.nix b/hosts/common/system/default.nix
index 2e34ede..6fc0651 100644
--- a/hosts/common/system/default.nix
+++ b/hosts/common/system/default.nix
@@ -8,7 +8,6 @@
     ./network.nix
     ./security.nix
     ./software.nix
-    ./ssh.nix
     ./users.nix
   ];
 
diff --git a/hosts/common/system/ssh.nix b/hosts/common/system/ssh.nix
deleted file mode 100644
index cb7c47d..0000000
--- a/hosts/common/system/ssh.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
-  # Enable the OpenSSH daemon.
-  services.openssh.enable = true;
-  services.openssh.permitRootLogin = "yes";
-  services.openssh.passwordAuthentication = false;
-}
diff --git a/modules/default.nix b/modules/default.nix
index 189a313..67d8e83 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -1 +1 @@
-{ ... }: { imports = [ ./hardware ./system ]; }
+{ ... }: { imports = [ ./hardware ./system ./services ]; }
diff --git a/modules/services/default.nix b/modules/services/default.nix
new file mode 100644
index 0000000..d34f57a
--- /dev/null
+++ b/modules/services/default.nix
@@ -0,0 +1 @@
+{ ... }: { imports = [ ./ssh-server ]; }
diff --git a/modules/services/ssh-server/default.nix b/modules/services/ssh-server/default.nix
new file mode 100644
index 0000000..ce5d4c8
--- /dev/null
+++ b/modules/services/ssh-server/default.nix
@@ -0,0 +1,17 @@
+{ ... }: {
+  services.openssh = {
+    enable = true;
+    permitRootLogin = "yes";
+    passwordAuthentication = false;
+  };
+
+  programs.mosh.enable = true;
+
+  networking.firewall.allowedTCPPorts = [ 22 ];
+
+  # Relevant ports for mosh
+  networking.firewall.allowedUDPPortRanges = [{
+    from = 6000;
+    to = 6100;
+  }];
+}