{ pkgs, config, ... }:

{
  services.openssh = {
    enable = true;
    ports = [ 6968 ];
    openFirewall = true;
    settings = {
      PasswordAuthentication = false;
      AllowUsers = [ "luka" ];
      UseDns = false; # Disable checking of rDNS records to speed up login
      X11Forwarding = false;
      PermitRootLogin = "prohibit-password";
    };
  };

  services.fail2ban = {
    enable = false;
    bantime = "24h"; # Ban IPs for one day on the first ban
    # ignoreIP = [ ];
  };

  networking.firewall = {
    enable = true;

    # allowedTCPPorts = [ ];
    # allowedUDPPorts = [];
  };
}