diff --git a/nixos/modules/services/misc/nix-ssh-serve.nix b/nixos/modules/services/misc/nix-ssh-serve.nix
index f60736c688d9..b0ccf495c7eb 100644
--- a/nixos/modules/services/misc/nix-ssh-serve.nix
+++ b/nixos/modules/services/misc/nix-ssh-serve.nix
@@ -1,6 +1,4 @@
 { config, lib, pkgs, ... }:
-
-with lib;
 let cfg = config.nix.sshServe;
     command =
       if cfg.protocol == "ssh"
@@ -11,27 +9,27 @@ in {
 
     nix.sshServe = {
 
-      enable = mkOption {
-        type = types.bool;
+      enable = lib.mkOption {
+        type = lib.types.bool;
         default = false;
         description = "Whether to enable serving the Nix store as a remote store via SSH.";
       };
 
-      write = mkOption {
-        type = types.bool;
+      write = lib.mkOption {
+        type = lib.types.bool;
         default = false;
         description = "Whether to enable writing to the Nix store as a remote store via SSH. Note: the sshServe user is named nix-ssh and is not a trusted-user. nix-ssh should be added to the {option}`nix.settings.trusted-users` option in most use cases, such as allowing remote building of derivations.";
       };
 
-      keys = mkOption {
-        type = types.listOf types.str;
+      keys = lib.mkOption {
+        type = lib.types.listOf lib.types.str;
         default = [];
         example = [ "ssh-dss AAAAB3NzaC1k... alice@example.org" ];
         description = "A list of SSH public keys allowed to access the binary cache via SSH.";
       };
 
-      protocol = mkOption {
-        type = types.enum [ "ssh" "ssh-ng" ];
+      protocol = lib.mkOption {
+        type = lib.types.enum [ "ssh" "ssh-ng" ];
         default = "ssh";
         description = "The specific Nix-over-SSH protocol to use.";
       };
@@ -40,7 +38,7 @@ in {
 
   };
 
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
 
     users.users.nix-ssh = {
       description = "Nix SSH store user";