diff --git a/nixos/configuration.nix b/nixos/configuration.nix
index fe05f1e..83b97b0 100644
--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
@@ -30,6 +30,7 @@
     ./services/mastodon.nix
     ./services/microboard.nix
     ./services/nextcloud.nix
+    ./services/openssh.nix
     ./services/phoenix.nix
     ./services/prosody.nix
     ./services/ss.nix
@@ -80,12 +81,6 @@
     deluged
   ];
 
-  # Enable the OpenSSH daemon.
-  services.openssh = {
-    enable = true;
-    settings.PasswordAuthentication = false;
-  };
-
   powerManagement.powertop.enable = true;
 
   system.stateVersion = "22.11";
diff --git a/nixos/services/openssh.nix b/nixos/services/openssh.nix
new file mode 100644
index 0000000..d28d4ae
--- /dev/null
+++ b/nixos/services/openssh.nix
@@ -0,0 +1,14 @@
+{ config, ... }:
+{
+  services.openssh = {
+    enable = true;
+    settings = {
+      PasswordAuthentication = false;
+      PermitRootLogin = "no";
+      AllowUsers = [
+        "lumin"
+        "forgejo"
+      ];
+    };
+  };
+}