{ config, lib, pkgs, ... } @ args:

let spacekookie = (import <configuration/users/spacekookie> args);
in
{
  services.openssh = {
    enable = true;
    permitRootLogin = "prohibit-password";
    passwordAuthentication = false;

    # Required for root
    extraConfig = ''
      Match Address 127.0.0.1
        PermitRootLogin yes
    '';
  };

  users.users.root.openssh.authorizedKeys.keys = spacekookie.pubkeys;
  
  # Also enable mosh because /shrug
  programs.mosh.enable = true;
}