{ ... }:
{
  imports = [ ./fail2ban ];

  services.openssh = {
    enable = true;
    settings = {
      AuthenticationMethods = "publickey";
      PermitEmptyPasswords = true;
      PrintLastLog = "no";
    };
  };

  programs.ssh = {
    startAgent = true;

    # Don't host prompt for servers
    knownHosts = {
      midas.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFcFMvrx9/iUZ1mEubf+QF1i3LNTxFhaU/1zFSjdo0kK";
      kitty.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIrGmsya5DXKuXO6jNjUlrYHqk49KLzxM/60GXtLRLrL";
      detritus.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDPD9m/rUjb88C4Kin2YhMrMVigu5IEf20FzwfAvz8SI";
      prophet.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICrp3Y/X2BRUENx+0GMTmB1VDA6SiwkGgdJMHSdMMepM";
    };
  };

  security.pam.services.sshd.allowNullPassword = true;

  environment.persistence."/persist".files = [
    "/etc/ssh/ssh_host_ed25519_key"
    "/etc/ssh/ssh_host_ed25519_key.pub"
    "/etc/ssh/ssh_host_rsa_key"
    "/etc/ssh/ssh_host_rsa_key.pub"
  ];
}