# SSH service configuration common to all hosts

{ config, pkgs, lib, ... }:

{

  services.openssh = {
    enable = true;          # Enable the OpenSSH daemon.
    permitRootLogin = "prohibit-password";
    challengeResponseAuthentication = false;
    passwordAuthentication = false;
    openFirewall = true;
    hostKeys = [
      {
        path = "/etc/ssh/ssh_host_ed25519_key";
        type = "ed25519";
      }
    ];
  };

}