chiasson-nix/modules/hosts/client-services.nix

{ self, ... }: {
  #TODO[epic=Moderate] Move this somewhere else, would prefer not relying on this module
  flake.nixosModules."client-services" = { ... }: {
    imports = [
      self.nixosModules.systemBluetooth
      self.nixosModules.systemDeployBuilder
    ];

    chiasson.system.deploy.builder.enable = true;

    # Lab-ish SSH defaults on clients — tighten for anything exposed.
    services.openssh = {
      enable = true;
      settings = {
        KbdInteractiveAuthentication = false;
        PasswordAuthentication = true;
        PermitRootLogin = "yes"; # consider tightening later
        UseDns = false;
      };
    };

    # Printing, polkit, udisks.
    services.printing.enable = true;
    security.polkit.enable = true;
    services.udisks2.enable = true;
  };
}