{ config, lib,  ... }:
{
  config = {
    services.openssh = {
      enable = true;
      ports = [ 1876 ];
      settings = {
        PasswordAuthentication = false;
        PermitRootLogin = "no";
      };
    };

    sops.secrets."ssh_pubkeys" = {
      path = "/home/${config.user}/.ssh/authorized_keys";
      owner = "${config.user}";
      group = "users";
      mode = "0600";
    };

    home-manager.users.${config.user} = { pkgs, config, ... }: {
      home.file.".ssh/config" = {
        source = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nixos/dotfiles/ssh/${config.home.username}";
      };
    };
  };

}