dotfiles/modules/server/ssh.nix

{config, ...}: {
  flake.modules.nixos.server = {
    services.openssh = {
      enable = true;
      settings = {
        PermitRootLogin = "prohibit-password";
        PasswordAuthentication = false;
      };
    };

    networking.firewall.allowedTCPPorts = [22];
    networking.firewall.allowedUDPPorts = [22];

    users.users.${config.flake.meta.user.name} = {
      openssh.authorizedKeys.keys = [
        config.flake.meta.user.ssh_key
      ];
    };
  };
}