{ pkgs, lib, config, ... }:
{
  nix = {
    settings.allowed-users = [ config.users.users."nix-ssh".name ];
    sshServe = {
      enable = true;
      keys = map lib.readFile [
        ../../users/julm/ssh/losurdo.pub
        ../../users/sevy/ssh/patate.pub
        ../../users/julm/ssh/pumpkin.pub
        ../../users/julm/ssh/oignon.pub
      ];
    };
  };
  networking.nftables.ruleset = ''
    table inet filter {
      chain input-lan {
        tcp dport 22 counter accept comment "SSH"
      }
    }
  '';
}