services.openssh = {
  enable = true;
  extraConfig = "PermitEmptyPasswords no";
  ports = [ 22 ];
  openFirewall = true;
  settings = {
    Protocol = 2;
    MaxAuthTries = 2;
    PermitEmptyPasswords = false;
    PasswordAuthentication = false;
    PermitRootLogin = "prohibit-password";
    X11Forwarding = false;
  };
};