diff --git a/modules/services/gitea.nix b/modules/services/gitea.nix
index 1488c46..315f68e 100644
--- a/modules/services/gitea.nix
+++ b/modules/services/gitea.nix
@@ -27,7 +27,7 @@ in
         service.DISABLE_REGISTRATION = true;
         server.DOMAIN = cfg.fqdn;
         server.ROOT_URL = "https://${cfg.fqdn}";
-        server.DISABLE_SSH = true;
+        #server.DISABLE_SSH = true;
       };
     };
     services.nginx.virtualHosts."${cfg.fqdn}" = {
diff --git a/systems/amd-server-vm/configuration.nix b/systems/amd-server-vm/configuration.nix
index a1b907e..decbc94 100644
--- a/systems/amd-server-vm/configuration.nix
+++ b/systems/amd-server-vm/configuration.nix
@@ -157,6 +157,17 @@
     };
   };
 
+  services.openssh.extraConfig = ''
+    # Internal network: allow everyone
+    Match Address 192.168.2.0/24,192.168.0.0/24
+        AllowUsers *
+
+    # Everything else (internet): only git user
+    Match Address *,!192.168.2.0/24,!192.168.0.0/24
+        PermitRootLogin no
+        AllowUsers gitea
+  '';
+
   virtualisation.vmware.guest.enable = true;
   services.xserver.videoDrivers = [ "vmware" ];
   environment.systemPackages = with pkgs; [