{ lib, ... }: { imports = [ ./fail2ban ]; services.openssh = { enable = true; settings = { PermitRootLogin = lib.mkForce "no"; PrintLastLog = "no"; PasswordAuthentication = false; UsePAM = false; X11Forwarding = false; }; }; environment.persistence."/persist".files = [ "/etc/ssh/ssh_host_ed25519_key" "/etc/ssh/ssh_host_ed25519_key.pub" "/etc/ssh/ssh_host_rsa_key" "/etc/ssh/ssh_host_rsa_key.pub" ]; }