1_: {
 2  services = {
 3    openssh = {
 4      enable = true;
 5      openFirewall = true;
 6      settings = {
 7        # FIXME: enable this
 8        # PasswordAuthentication = false;
 9        # PermitRootLogin = "no"
10      };
11      extraConfig = ''
12        StreamLocalBindUnlink yes
13      '';
14    };
15    sshguard.enable = true;
16  };
17  security.pam.sshAgentAuth.enable = true;
18}