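# NixOS module: OpenSSH server restricted to public-key login, with a
# per-host listen port and the authorized keys for `yoda` and `root`.
{ config, pkgs, ... }:

let
  hostName = config.networking.hostName;

  # Listen port(s) for every machine this module is deployed to.
  # A host missing from this table aborts evaluation (see `ports` below),
  # so a new machine cannot silently end up on an unintended port.
  sshPortsByHost = {
    yodaTux = [ 22 ];
    yodaTab = [ 22 ];
    yodaYoga = [ 2224 ];
    yodaNas = [ 2222 ];
  };

  # Public key shared by both accounts on every host.
  nitrokeyPub = builtins.readFile ../assets/ssh/nitrokey.pub;
in
{
  # Enable SSH server.
  services.openssh = {
    enable = true;

    ports = sshPortsByHost.${hostName} or (throw "Please add ssh port here");

    settings = {
      # Use authorized keys only.
      PasswordAuthentication = false;

      # Keyboard-interactive is a separate authentication method from
      # "password". With sshd running through PAM it can still prompt for the
      # account password, so it has to be switched off as well for the
      # "keys only" policy above to actually hold.
      KbdInteractiveAuthentication = false;

      # root may log in, but only with one of the keys listed for it below.
      PermitRootLogin = "prohibit-password";
    };

    # Enabling this is required for commands such as sftp and sshfs.
    allowSFTP = false;
  };

  # SSH public key(s) allowed to connect via SSH.
  users.users.yoda.openssh.authorizedKeys.keys = [ nitrokeyPub ];

  # root accepts the same key everywhere; on yodaNas it additionally trusts
  # the pi3bplus key, which therefore has full root access to that host.
  users.users.root.openssh.authorizedKeys.keys =
    [ nitrokeyPub ]
    ++ (
      if hostName == "yodaNas"
      then [ (builtins.readFile ../assets/ssh/pi3bplus.pub) ]
      else [ ]
    );
}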