{ config, lib, pkgs, ... }:

{
  # enable the openssh daemon
  services.openssh = {
    enable = true;
    openFirewall = true;
    ports = [ 666 ];

    settings = {
      AuthenticationMethods = "publickey";
      KbdInteractiveAuthentication = false;
      MaxAuthTries = 5;
      PasswordAuthentication = false;
      PermitRootLogin = "no";
      X11Forwarding = false;
    };
  };
}