{ lib, config, pkgs, ... }: {

  #define option to enable this 
  options.mymods.sshd.enable = lib.mkEnableOption "Enable SSH";

  config = lib.mkIf config.mymods.sshd.enable {
services.openssh = {
    enable = true;
    settings.permitRootLogin = "no";
    settings.passwordAuthentication = false;
};

  networking.firewall.allowedTCPPorts = [ 22 ];

};
}