{
  lib,
  pkgs,
  config,
  ...
}:{
  #define option to enable this
    services.openssh = {
      enable = true;
      permitRootLogin = "no";
      passwordAuthentication = false;
    };

    networking.firewall.allowedTCPPorts = [22];
  
}