{lib, ...}: let
  inherit (lib.options) mkEnableOption;
in {
  options.modules.programs.ssh.enable = mkEnableOption "ssh";
  config = {
    # set the ssh socket globally. This alows all applications and shells to use
    # the ssh-agent.
    environment.sessionVariables.SSH_AUTH_SOCK = "/run/user/1000/ssh-agent";
    programs.ssh.startAgent = true;

    services.openssh = {
      enable = true;
      ports = [22];
      settings = {
        PasswordAuthentication = false;
        PermitRootLogin = "no";
      };
    };
  };
}