# SSH service configuration common to all hosts
{
  config,
  pkgs,
  lib,
  ...
}: {
  services.openssh = {
    enable = true; # Enable the OpenSSH daemon.
    hostKeys = [
      {
        path = "/etc/ssh/ssh_host_ed25519_key";
        type = "ed25519";
      }
    ];
    openFirewall = true;
    settings = {
      KbdInteractiveAuthentication = false;
      PasswordAuthentication = false;
      PermitRootLogin = "prohibit-password";
    };
  };
}