{ pkgs, ... }:

{
  services.openssh = {
    enable = true;
    ports = [ 22 ];
    settings = {
      # Authentication
      PermitRootLogin = "no";
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      PermitEmptyPasswords = false;

      # Security hardening
      X11Forwarding = false;
      AllowTcpForwarding = false;
      AllowAgentForwarding = false;
      AllowStreamLocalForwarding = false;

      # Session settings
      ClientAliveInterval = 300;
      ClientAliveCountMax = 2;
      MaxAuthTries = 3;
      MaxSessions = 2;
      LoginGraceTime = 30;
    };
  };

  # Tailscale
  services.tailscale.enable = true;

  # Fwupd
  services.fwupd.enable = true;

  # Sunshine
  services.sunshine = {
    enable = true;
    autoStart = true;
    capSysAdmin = true;
    openFirewall = true;
    applications = {
      apps = [
        {
          name = "Steam Big Picture";
          cmd = "${pkgs.steam}/bin/steam -gamepadui";
        }
        {
          name = "Desktop";
          cmd = "${pkgs.coreutils}/bin/true";
        }
      ];
    };
  };

  services.avahi.publish.enable = true;
  services.avahi.publish.userServices = true;

  services.system76-scheduler.enable = true;
}