diff --git a/modules/common-packages.nix b/modules/common-packages.nix
index 9e50b7a..fb33630 100644
--- a/modules/common-packages.nix
+++ b/modules/common-packages.nix
@@ -60,23 +60,4 @@
 virtualisation.docker.enable = true;
 # Enable the OpenSSH daemon.
- services.openssh = {
- enable = true;
- startWhenNeeded = true;
- settings = {
- PermitRootLogin = "no";
-
- # only allow key based logins and not password
- PasswordAuthentication = false;
- KbdInteractiveAuthentication = false;
- AuthenticationMethods = "publickey";
- PubkeyAuthentication = "yes";
- ChallengeResponseAuthentication = "no";
- UsePAM = false;
-
- # kick out inactive sessions
- ClientAliveCountMax = 5;
- ClientAliveInterval = 60;
- };
- };
 }
diff --git a/modules/services/openssh.nix b/modules/services/openssh.nix
new file mode 100644
index 0000000..1f530f0
--- /dev/null
+++ b/modules/services/openssh.nix
@@ -0,0 +1,39 @@
+{
+ config,
+ lib,
+ ...
+}:
+{
+ options = {
+ myModules.enableOpenssh = lib.mkOption {
+ type = lib.types.bool;
+ default = true;
+ description = "Enable OpenSSH service";
+ };
+ };
+
+ config = lib.mkMerge [
+ (lib.mkIf config.myModules.enableOpenssh {
+ services.openssh = {
+ enable = true;
+ startWhenNeeded = true;
+ settings = {
+ PermitRootLogin = "no";
+
+ # only allow key based logins and not password
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ AuthenticationMethods = "publickey";
+ PubkeyAuthentication = "yes";
+ ChallengeResponseAuthentication = "no";
+ UsePAM = false;
+
+ # kick out inactive sessions
+ ClientAliveCountMax = 5;
+ ClientAliveInterval = 60;
+ };
+ };
+
+ })
+ ];
+}
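Review bot: The `# kick out inactive sessions` comment in the new `modules/services/openssh.nix` overstates what `ClientAliveInterval = 60` and `ClientAliveCountMax = 5` do: these keepalives only drop a client that stops answering (after roughly 5 × 60 s), while an idle session whose client still responds stays open indefinitely. I would reword it to `# drop clients that stop answering keepalives (~5 min); this is not an idle timeout`, and if an idle limit is actually wanted, set it separately (recent OpenSSH releases have `ChannelTimeout` / `UnusedConnectionTimeout` for that). Separately, the diff removes the block from `common-packages.nix` but shows no `imports` entry for the new file, so it is worth confirming it is imported somewhere outside this diff; otherwise sshd would no longer be configured on hosts that relied on it.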