{ config, lib, pkgs, ... }:

let
  cfg = config.homelab.services.openssh;
in {
  options.homelab.services.openssh.enable = lib.mkEnableOption "OpenSSH daemon";

  config = lib.mkIf cfg.enable {
    services.openssh = {
      # Enable the OpenSSH daemon.
      enable = true;
      settings = {
        PasswordAuthentication = false;
        PermitRootLogin = "no";
        # Disable keyboard-interactive authentication.
        KbdInteractiveAuthentication = false;
      };
    };
  };
}