diff --git a/hosts/vps/mailserver/default.nix b/hosts/vps/mailserver/default.nix
index 49c92e9..3276757 100644
--- a/hosts/vps/mailserver/default.nix
+++ b/hosts/vps/mailserver/default.nix
@@ -99,12 +99,6 @@
 
   services = {
     dovecot2.sieve.extensions = [ "fileinto" ];
-    openssh = {
-      enable = true;
-      settings = {
-        PermitRootLogin = "prohibit-password";
-      };
-    };
     roundcube = {
       enable = true;
       package = pkgs.roundcube.withPlugins (plugins: [ plugins.persistent_login ]);
diff --git a/nixos/configs/default.nix b/nixos/configs/default.nix
index 177121f..4dc20b5 100644
--- a/nixos/configs/default.nix
+++ b/nixos/configs/default.nix
@@ -3,7 +3,7 @@ let
   system = "x86_64-linux";
   mods = toplevel.config.flake.nixosModules;
   hardwareConfigurations = toplevel.config.flake.hardwareConfigurations;
-  essential = with mods; [ grub base shell security wireless wireguard ];
+  essential = with mods; [ grub base shell security wireless intranet ];
   desktop = with mods; [ sound wayland ];
   configWithModules = { hardware ? { nixpkgs.hostPlatform = system; }, modules }: withSystem system (ctx@{ config, inputs', pkgs, ... }: inputs.nixpkgs.lib.nixosSystem {
     specialArgs = {
@@ -23,6 +23,6 @@ in
     nova-ai = novaConfig (with mods; [ ivand ai ]);
     install-iso = configWithModules { modules = (with mods; [ grub base shell wireless ]); };
     vps = configWithModules { modules = (with mods; [ base shell security vps ]); };
-    stara-miner = configWithModules { modules = (with mods; [ grub base shell wireless security monero-miner ]); };
+    stara-miner = configWithModules { modules = (essential ++ [ mods.monero-miner ]); };
   };
 }
diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix
index cd85265..192df3d 100644
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@@ -103,7 +103,7 @@ top@{ inputs, moduleWithSystem, ... }: {
         rtkit.enable = true;
       };
     });
-    wireguard = {
+    intranet = {
       networking.wg-quick.interfaces = {
         wg0 = {
           address = [ "10.0.0.2/32" ];
@@ -118,6 +118,12 @@ top@{ inputs, moduleWithSystem, ... }: {
           ];
         };
       };
+      openssh = {
+        enable = true;
+        settings = {
+          PermitRootLogin = "prohibit-password";
+        };
+      };
     };
     wireless = {
       networking = {