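# NixOS module: SSH server configuration and the public keys allowed to log in.
#
# The listen port is chosen per host from config.networking.hostName.
# Authentication is meant to be public-key only.
{ config, pkgs, ... }:
let
  hostName = config.networking.hostName;

  # SSH listen port for each known host.
  sshPorts = {
    yodaTux = 22;
    yodaTab = 22;
    yodaGaming = 22;
    yodaYoga = 2224;
    yodaNas = 2222;
    yodaHedgehog = 2226;
  };

  # Public key accepted for both "yoda" and "root" on every host.
  nitrokeyPub = builtins.readFile ../assets/ssh/nitrokey.pub;
in
{
  # Enable SSH server.
  services.openssh = {
    enable = true;

    # A host missing from sshPorts aborts evaluation instead of silently
    # getting a default port.
    ports = [ (sshPorts.${hostName} or (throw "Please add ssh port here")) ];

    # Use authorized keys only.
    settings.PasswordAuthentication = false;
    # Keyboard-interactive is a separate sshd setting; while it is enabled,
    # PAM can still prompt for a password even though PasswordAuthentication
    # is off. Disable it too so that public keys are the only way in.
    settings.KbdInteractiveAuthentication = false;

    # SFTP subsystem is off. Enabling this is required for commands such as
    # sftp and sshfs.
    allowSFTP = false;
  };

  # TODO replace authorizedKeys in all .nix files with authorizedKeyFiles
  # SSH public key(s) allowed to connect via SSH.
  users.users."yoda".openssh.authorizedKeys.keys = [ nitrokeyPub ];

  # Root accepts the same key. On yodaNas it also accepts hedgehog.pub.
  # NOTE(review): hedgehog.pub gets an unrestricted root login on yodaNas.
  # If that key only serves an automated job, confirm whether it can be
  # narrowed with authorized_keys options (restrict, command=, from=).
  users.users."root".openssh.authorizedKeys.keys =
    [ nitrokeyPub ]
    ++ (
      if hostName == "yodaNas"
      then [ (builtins.readFile ../assets/ssh/hedgehog.pub) ]
      else [ ]
    );
}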