{ config, lib, pkgs, self, ... }:

let
  cfg = config.samfelag.modules.system.ssh;
in
{
  options.samfelag.modules.system.ssh = {
    enable = lib.mkEnableOption "ssh";
  };
  config = lib.mkIf cfg.enable {
    services = {
      openssh = {
        enable = true;
        settings = {
          # TODO: Use ssh keys
          PasswordAuthentication = true;
        };
      };
      # fail2ban.enable = true;
    };

    networking.firewall.allowedTCPPorts = [ 22 ];
  };
}