diff --git a/hosts/hel1-a/configuration.nix b/hosts/hel1-a/configuration.nix
index f2edced..e5ddbf1 100644
--- a/hosts/hel1-a/configuration.nix
+++ b/hosts/hel1-a/configuration.nix
@@ -127,12 +127,6 @@ in {
       '';
     };
 
-    locate = {
-      enable = true;
-      locate = pkgs.plocate;
-      localuser = null;
-    };
-
     headscale = {
       enable = true;
       settings = {
@@ -386,16 +380,6 @@ in {
         };
       };
     };
-
-    sshguard = {
-      enable = true;
-      blocktime = 900;
-      whitelist = [
-        "192.168.0.0/16"
-        myData.tailscale_subnet.cidr
-        myData.hosts."vno1-oh2.servers.jakst".publicIP
-      ];
-    };
   };
 
   networking = {
diff --git a/modules/base/default.nix b/modules/base/default.nix
index 8f26ae6..95d074b 100644
--- a/modules/base/default.nix
+++ b/modules/base/default.nix
@@ -10,6 +10,7 @@
     ./fileSystems
     ./snapshot
     ./sshd
+    ./sshguard
     ./unitstatus
     ./users
     ./zfs
@@ -132,5 +133,13 @@
         defaultEditor = true;
       };
     };
+
+    services = {
+      locate = {
+        enable = true;
+        locate = pkgs.plocate;
+        localuser = null;
+      };
+    };
   };
 }
diff --git a/modules/base/sshguard/default.nix b/modules/base/sshguard/default.nix
new file mode 100644
index 0000000..6b5df28
--- /dev/null
+++ b/modules/base/sshguard/default.nix
@@ -0,0 +1,25 @@
+{
+  config,
+  lib,
+  myData,
+  ...
+}: {
+  options.mj.base.sshguard = with lib.types; {
+    enable = lib.mkOption {
+      type = bool;
+      default = true;
+    };
+  };
+
+  config = lib.mkIf config.mj.base.sshguard.enable {
+    services.sshguard = {
+      enable = true;
+      blocktime = 900;
+      whitelist = [
+        "192.168.0.0/16"
+        myData.tailscale_subnet.cidr
+        myData.hosts."vno1-oh2.servers.jakst".publicIP
+      ];
+    };
+  };
+}