diff --git a/hosts/fwminex/configuration.nix b/hosts/fwminex/configuration.nix index 09f7ec3..5219e77 100644 --- a/hosts/fwminex/configuration.nix +++ b/hosts/fwminex/configuration.nix @@ -364,6 +364,7 @@ in services = { sshguard.enable = true; + ssh8022.enable = true; gitea.enable = true; hass.enable = true; syncthing-relay.enable = true; diff --git a/hosts/mtworx/configuration.nix b/hosts/mtworx/configuration.nix index b6cfa52..ef5d224 100644 --- a/hosts/mtworx/configuration.nix +++ b/hosts/mtworx/configuration.nix @@ -81,6 +81,8 @@ in services = { sshguard.enable = false; + ssh8022.enable = true; + tailscale = { enable = true; verboseLogs = true; diff --git a/modules/base/sshd/default.nix b/modules/base/sshd/default.nix index f667ec4..777a5e9 100644 --- a/modules/base/sshd/default.nix +++ b/modules/base/sshd/default.nix @@ -1,19 +1,11 @@ { lib, config, - pkgs, myData, ... }: { config = { - services.spiped = { - enable = true; - decrypt = true; - source = "*:8022"; - target = "127.0.0.1:22"; - keyFile = config.age.secrets.ssh8022.path; - }; services.openssh = { enable = true; settings = { @@ -31,11 +23,6 @@ ] (_: null); in lib.mapAttrs (_name: builtins.intersectAttrs sshAttrs) myData.hosts; - extraConfig = '' - Host dl.jakstys.lt - ProxyCommand ${pkgs.spiped}/bin/spipe -t %h:8022 -k ${config.age.secrets.ssh8022.path} - ''; }; - networking.firewall.allowedTCPPorts = [ myData.ports.ssh8022 ]; }; } diff --git a/modules/services/default.nix b/modules/services/default.nix index 39788f9..6db3a81 100644 --- a/modules/services/default.nix +++ b/modules/services/default.nix @@ -18,6 +18,7 @@ ./photoprism ./postfix ./remote-builder + ./ssh8022 ./sshguard ./syncthing ./syncthing-relay diff --git a/modules/services/ssh8022/default.nix b/modules/services/ssh8022/default.nix new file mode 100644 index 0000000..01cccc9 --- /dev/null +++ b/modules/services/ssh8022/default.nix 
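Review bot: Tunnelled logins will reach sshd from 127.0.0.1 on fwminex, where `sshguard.enable = true` sits right above the new `ssh8022.enable = true` line: the module added in this commit forwards `*:8022` to `127.0.0.1:22`, so sshd logs and sshguard have no remote address to act on for that path. That is probably acceptable, since a peer needs the pre-shared key to get past spiped at all, but it is worth recording next to the line, e.g. `# logins via :8022 reach sshd from 127.0.0.1; sshguard only covers direct :22`. If the local sshguard module can block any source address, confirm that loopback is whitelisted so failed tunnelled logins cannot get 127.0.0.1 banned. The same enable is added in hosts/mtworx, where sshguard is off.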
@@ -0,0 +1,34 @@
+{
+ lib,
+ config,
+ pkgs,
+ myData,
+ ...
+}:
+let
+ cfg = config.mj.services.ssh8022;
+in
+{
+ options.mj.services.ssh8022 = {
+ enable = lib.mkEnableOption "Enable ssh8022";
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.spiped = {
+ enable = true;
+ config = {
+ ssh8022 = {
+ decrypt = true;
+ source = "*:8022";
+ target = "127.0.0.1:22";
+ keyfile = config.age.secrets.ssh8022.path;
+ };
+ };
+ };
+ programs.ssh.extraConfig = ''
+ Host dl.jakstys.lt
+ ProxyCommand ${pkgs.spiped}/bin/spipe -t %h:8022 -k ${config.age.secrets.ssh8022.path}
+ '';
+ networking.firewall.allowedTCPPorts = [ myData.ports.ssh8022 ];
+ };
+}
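Review bot: Nothing in this module starts the `ssh8022` pipe: as far as I know the upstream NixOS `services.spiped` module only installs the `spiped@` template unit and the per-pipe spec file, so unless an instance is enabled elsewhere the `*:8022` listener will not come up at boot while the firewall port is already open. If that holds for the nixpkgs revision in use, add `systemd.services."spiped@ssh8022" = { wantedBy = [ "multi-user.target" ]; overrideStrategy = "asDropin"; };` inside the `lib.mkIf cfg.enable` block. The daemon reads `keyfile` as the `spiped` service user while the `ProxyCommand` reads the same path as whoever runs `ssh`, so the owner and mode of `age.secrets.ssh8022` (declared outside this diff) should be checked against both readers and kept no wider than that. The listener and the ProxyCommand also hard-code `8022` while the firewall rule uses `myData.ports.ssh8022`; deriving all three from the one value keeps the opened port and the listening port from drifting apart.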