{ config, pkgs, ... }:
{
  # Install xanmod kernel
  # boot.kernelPackages = pkgs.linuxKernel.packages.linux_xanmod_stable.zfs;

  services.openssh = {
    enable = true;
    ports = [ 400 ];
    settings = {
      PasswordAuthentication = false;
      AllowUsers = [ "menno" ];
      X11Forwarding = false;
      PermitRootLogin = "prohibit-password";
      AllowTCPForwarding = true;
      AllowAgentForwarding = true;
      PermitEmptyPasswords = false;
      PubkeyAuthentication = true;
    };
  };

  networking = {
    firewall = {
      enable = true;

      # External ports
      allowedTCPPorts = [
        ## Portforwarded
        80 # HTTP
        443 # HTTPS
        22 # Git over SSH
        25565 # Minecraft
        24454 # Minecraft (Voice Chat)
        32400 # Plex
        51820 # WireGuard

        ## Internal services / TailScale
        400 # SSH
      ];

      allowedUDPPorts = [
        51820 # WireGuard
        25565 # Minecraft
      ];
    };
  };
}