nixos-configs/hosts/tadpole/modules/ssh/default.nix

{ lib, config, ... }:
let
  enabled = config.mod.ssh.enable;
in
{
  options = {
    mod.ssh = {
      enable = lib.mkEnableOption "enable ssh module";
    };
  };

  config = lib.mkIf enabled {
    home-manager.users.alex = {
      programs.ssh = {
        enable = true;
      };
    };

    services = {
      openssh = {
        enable = true;
        ports = [ 1122 ];

        hostKeys = [{
          path = "/etc/ssh/tadpole";
          type = "ed25519";
        }];
      };
    };

    networking = {
      firewall = {
        allowedTCPPorts = [ 1122 ];
      };
    };
  };
}