# NixOS module (Nix, not OCaml) exposing two switches under
# `services.custom.ssh`:
#   * tools.enable - install SSH-related client tooling system-wide
#   * sshd.enable  - run OpenSSH with password login disabled, root keys
#                    loaded from files, and a pre-login banner
{ pkgs, config, lib, ... }:

let

  # Pull in only the lib functions this module uses instead of `with lib;`,
  # so that every free identifier below has a visible origin.
  inherit (lib) mkEnableOption mkIf mkMerge mkOption types;

  cfg = config.services.custom.ssh;

in {

  options.services.custom.ssh = {

    tools.enable = mkEnableOption "Add ssh tools";

    sshd.enable = mkEnableOption "Start sshd server";

    # Files holding public keys for the root account. Every key listed in
    # these files is accepted for a root login (see the keyFiles assignment
    # in the sshd section). The default is empty, i.e. this module adds no
    # root keys unless asked to.
    sshd.rootKeyFiles = mkOption {
      type = types.listOf types.path;
      description = "keys to root login";
      default = [ ];
    };

  };

  config = mkMerge [

    # Client-side tooling.
    (mkIf cfg.tools.enable {
      environment.systemPackages = [
        # pkgs.sshuttle
        pkgs.sshfs
      ];
    })

    # Server side.
    (mkIf cfg.sshd.enable {

      services.openssh = {
        enable = true;

        # NOTE(review): X11 forwarding is switched on for every host that
        # enables this module, whereas upstream sshd ships with it off.
        # Keep it only where remote GUI programs are actually needed.
        forwardX11 = true;

        # Password logins are refused.
        # NOTE(review): keyboard-interactive authentication
        # (KbdInteractiveAuthentication in sshd_config) is a separate
        # setting that this module does not touch; confirm its effective
        # value if the intent is key-only access.
        passwordAuthentication = false;

        # Point sshd at the banner file generated below. sshd sends the
        # banner before authentication, so its content (the host name) is
        # visible to any client that can reach the port.
        extraConfig = ''
          Banner /etc/sshd/banner-line
        '';
      };

      # NOTE(review): nothing here sets PermitRootLogin, so whatever the
      # NixOS/sshd default is decides how root may log in - confirm it
      # matches the intent of handing root a key list.
      users.users.root.openssh.authorizedKeys.keyFiles = cfg.sshd.rootKeyFiles;

      # Banner: a horizontal rule followed by the host name, right-aligned
      # to column 80.
      # Assumes the host name is at most 80 characters; a longer one makes
      # the pad width negative, which lib.fixedWidthString is expected to
      # reject at evaluation time - TODO confirm.
      environment.etc."sshd/banner-line".text = let
        hostName = config.networking.hostName;
        padWidth = 80 - (lib.stringLength hostName);
        leftPad = lib.fixedWidthString padWidth " " "";
      in ''
        ────────────────────────────────────────────────────────────────────────────────
        ${leftPad}${hostName}
      '';

    })

  ];

}