proxy/config/openssh.nix

let
  secrets = import ../intermediate/secrets.nix;
  users = builtins.attrNames secrets.source.openssh.users;
in
rec {
  ssh_users = users;

  extraConfig = {
    users = {
      "autossh-incoming" = ''
        PasswordAuthentication no
        PermitTTY no
        X11Forwarding no
        AllowAgentForwarding no
        PermitTunnel no
        AllowTcpForwarding remote
        PermitListen localhost:*
        PermitListen 127.0.0.1:*
      '';
    };
  };
}