diff --git a/modules/security.nix b/modules/security.nix
index fd5801b..5e54c68 100644
--- a/modules/security.nix
+++ b/modules/security.nix
@@ -2,8 +2,8 @@
 { config, lib, ... }:
 {
 config = {
- services = lib.mkIf config.services.gitea.enable {
- openssh = {
+ services = {
+ openssh = lib.mkIf config.services.gitea.enable {
 extraConfig = ''
 Match User gitea
 AllowAgentForwarding no
@@ -13,14 +13,19 @@
 '';
 };
 
- gitea.settings."ssh.minimum_key_sizes" = {
+ gitea.settings."ssh.minimum_key_sizes" = lib.mkIf config.services.gitea.enable {
 ECDSA = -1;
 RSA = 4095;
 };
+
+ endlessh-go = lib.mkIf (!builtins.elem 22 config.services.openssh.ports) {
+ enable = true;
+ port = 22;
+ };
 };
 
 networking.firewall = lib.mkIf config.services.openssh.enable {
- allowedTCPPorts = config.services.openssh.ports;
+ allowedTCPPorts = config.services.openssh.ports ++ [ 22 ];
 };
 };
 }
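Review bot: In the first hunk (`@@ -2,8 +2,8 @@`), `Match User gitea` hard-codes the account name, so the sshd restrictions under it stop applying, without any evaluation error, if `services.gitea.user` is ever set to a different account. Interpolating the option, `Match User ${config.services.gitea.user}`, keeps the block bound to the account Gitea actually runs as. The `extraConfig` string continues outside the hunk, so the remaining directives were not reviewed.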
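Review bot: In the second hunk (`@@ -13,14 +13,19 @@`), the tarpit and its firewall rule are gated on different conditions: `endlessh-go` is enabled whenever 22 is absent from `services.openssh.ports`, while `++ [ 22 ]` is applied whenever `services.openssh.enable` is set, so the port opening is not tied to the service meant to answer on it. Letting the tarpit own its rule keeps the two together: put `openFirewall = true;` inside the `endlessh-go` block and leave `allowedTCPPorts = config.services.openssh.ports;` as it was, assuming the module's `openFirewall` option exists in the nixpkgs revision in use. The `builtins.elem 22 …ports` test also does not see a port 22 bound through `services.openssh.listenAddresses`, in which case both daemons would try to bind the same port. A short comment such as `# tarpit on 22 only when sshd has moved off it` above the block would make the intent explicit.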