{ ... }:
let
  opensshConfig = import ../config/openssh.nix;
  usersWithKeys = opensshConfig.ssh_users;
in 
{
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = true;
      PermitRootLogin = "no";
      AllowUsers = usersWithKeys;
    };
  };

  networking.firewall.allowedTCPPorts = [ 22 ];
}