feat: add initial config

services/openssh.nix

@@ -0,0 +1,32 @@
+{ ... }:
+let
+  lib = import <nixpkgs/lib>;
+  opensshConfig = import ../config/openssh.nix;
+
+  userExtraConfig =
+    if opensshConfig ? extraConfig && opensshConfig.extraConfig ? users && builtins.isAttrs opensshConfig.extraConfig.users then
+      opensshConfig.extraConfig.users
+    else
+      {};
+
+  renderedUserMatches = lib.concatStringsSep "\n" (
+    lib.mapAttrsToList (user: cfg: ''
+      Match User ${user}
+${cfg}
+    '') userExtraConfig
+  );
+in
+{
+  services.openssh = {
+    enable = true;
+    settings = {
+      PasswordAuthentication = true;
+      PermitRootLogin = "no";
+      GatewayPorts = "no";
+      AllowUsers = opensshConfig.ssh_users;
+    };
+    extraConfig = renderedUserMatches;
+  };
+
+  networking.firewall.allowedTCPPorts = [ 22 ];
+}