{ config, lib, pkgs, ... }:

{
  programs = {
    # Enable mosh with libutempter
    mosh = {
      enable = true;
      withUtempter = true;
    };
  };

  services = {
    # Enable openssh daemon
    openssh = {
      enable = true;
      openFirewall = false;
      ports = [ 9022 ];
      settings = {
        Ciphers = [
          "chacha20-poly1305@openssh.com"
          "aes256-ctr"
        ];
        KbdInteractiveAuthentication = false;
        KexAlgorithms = [
          "curve25519-sha256"
        ];
        Macs = [
          "hmac-sha2-512-etm@openssh.com"
          "hmac-sha2-512"                 # Required for Siri Shortcuts
        ];
        PasswordAuthentication = false;
        PermitRootLogin = "no";
      };
      extraConfig = ''
        ChallengeResponseAuthentication no
        PrintLastLog no
      '';
    };
  };
}