diff --git a/hosts/nixdesk/default.nix b/hosts/nixdesk/default.nix index b992736..35ba620 100644 --- a/hosts/nixdesk/default.nix +++ b/hosts/nixdesk/default.nix @@ -14,7 +14,6 @@ ./profiles/wireguard.nix ./profiles/restic-server.nix ./profiles/autologin.nix - ./profiles/ssh-public-port-2050.nix inputs.impermanence.nixosModules.impermanence inputs.stylix.nixosModules.stylix @@ -110,6 +109,16 @@ '') ]; + own.natpmp-portforward = { + enable = true; + mappings = [ + { + public = 2050; + local = 22; + } + ]; + }; + nixpkgs.config = { # rocmSupport = true; allowUnfreePredicate = pkg: diff --git a/hosts/nixdesk/profiles/ssh-public-port-2050.nix b/hosts/nixdesk/profiles/ssh-public-port-2050.nix deleted file mode 100644 index f97ee23..0000000 --- a/hosts/nixdesk/profiles/ssh-public-port-2050.nix +++ /dev/null @@ -1,17 +0,0 @@ -{pkgs, ...}: { - systemd.services.ssh-port2050-natpmp = { - bindsTo = ["sshd.socket"]; - after = ["sshd.socket"]; - wantedBy = ["multi-user.target"]; - serviceConfig.Restart = "on-failure"; - serviceConfig.ExecStart = pkgs.writeScript "ssh-port2050-natpmp" '' - #!${pkgs.bash}/bin/bash - - while true - do - ${pkgs.libnatpmp}/bin/natpmpc -a 2050 22 tcp 60 - ${pkgs.coreutils}/bin/sleep 30 - done - ''; - }; -} diff --git a/modules/natpmp-portforward.nix b/modules/natpmp-portforward.nix index a5e73c1..9d39645 100644 --- a/modules/natpmp-portforward.nix +++ b/modules/natpmp-portforward.nix 
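Review bot: The new `own.natpmp-portforward` block in hosts/nixdesk/default.nix asks the gateway to expose this host's sshd (local 22) on public port 2050, but nothing beside it says so or states what that exposure relies on. I would add a comment above the block, e.g. `# Exposes sshd to the internet via NAT-PMP on 2050; relies on key-only auth (services.openssh.settings.PasswordAuthentication = false)`, and confirm that setting is actually in effect for this host. The removed profile tied its unit to `sshd.socket` with `bindsTo`/`after`, so the mapping was only requested while sshd was listening. Whether the shared module keeps that coupling is not visible in this diff and should be checked.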
@@ -8,23 +8,25 @@ in { options.own.natpmp-portforward = { enable = lib.mkEnableOption "enable natpmp port forwarding service"; - mappings = lib.types.listOf (lib.types.submodule { - options = { - public = lib.mkOption { - type = lib.types.port; + mappings = lib.mkOption { + type = lib.types.listOf (lib.types.submodule { + options = { + public = lib.mkOption { + type = lib.types.port; + }; + local = lib.mkOption { + type = lib.types.port; + }; + protocol = lib.mkOption { + default = "tcp"; + type = lib.types.enum [ + "tcp" + "udp" + ]; + }; }; - private = lib.mkOption { - type = lib.types.port; - }; - protocol = lib.mkOption { - default = "tcp"; - type = lib.types.enum [ - "tcp" - "udp" - ]; - }; - }; - }); + }); + }; }; config = lib.mkIf cfg.enable { @@ -35,10 +37,10 @@ in { ExecStart = pkgs.writeScript "natpmp-portforward" '' #!${pkgs.bash}/bin/bash - "${lib.concatMapStrings (x: '' - ${pkgs.libnatpmp}/bin/natpmpc -a ${x.public} ${x.private} ${x.protocol} 60 + ${lib.concatMapStrings (x: '' + ${pkgs.libnatpmp}/bin/natpmpc -a ${toString x.public} ${toString x.local} ${x.protocol} 180 '') - cfg.mappings}" + cfg.mappings} ''; }; };
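Review bot: In the first hunk of modules/natpmp-portforward.nix, `mappings` is now a proper `lib.mkOption` but has no `default`, and none of the options carries a `description`. With `enable = true` and no mappings set, evaluation will most likely fail with an "option used but not defined" error instead of forwarding nothing; `default = [];` avoids that. Because every entry opens an inbound path through the NAT, I would also document the fields, e.g. `description = "Port requested on the NAT-PMP gateway (reachable from outside).";` for `public` and `description = "Port on this host that receives the forwarded traffic.";` for `local`.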
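Review bot: The generated script in the second hunk runs each `natpmpc -a … 180` once and never looks at the outcome. With no `set -e`, the exit status is that of the last command only, so an earlier mapping that fails would go unnoticed; adding `set -euo pipefail` after the shebang lets the unit fail visibly, assuming natpmpc reports failure through its exit code. A NAT-PMP gateway may also grant a different public port than the one requested, so logging or checking the mapped port from natpmpc's output would show what is actually exposed. The removed host profile re-requested a 60 s lease every 30 s, while here the lease is 180 s and the service definition starts and ends outside the hunk, so confirm that something re-runs the script before the lease expires.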