{ username, ... }: let
  keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINkHOpdBpYV3KJV+AtBK3jD6MLDZzAwh9HFt0LsLxBV0" # Old key
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDEDqpSiQpbSsClh6UGb7Z2DA1Hy+EyePzTy+5hEVD/A" # Main key
  ];
in {
  users.users.${username}.openssh.authorizedKeys.keys = keys;
  users.users.root.openssh.authorizedKeys.keys = keys;
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      PermitRootLogin = "prohibit-password";
    };
    ports = [ 22 ];
    openFirewall = true;
  };
}