{ config, lib, ... }:
let
  cfg = config.my.utils.lxc-standard;
in
{
  options.my.utils.lxc-standard = {
    enable = lib.mkEnableOption "Enable if the host is a service LXC container";
  };

  config = lib.mkIf cfg.enable {

    # Enable SSH
    services = {
      openssh.enable = true;
      # Disable password root access. Necessary for Colmena
      openssh.permitRootLogin = "prohibit-password";
    };

    my.utils.serverNodeUsers.enable = true;

    # Monitor node with node_exporter
    services.prometheus.exporters = {
      node = {
        enable = true;
        openFirewall = true;
        enabledCollectors = [ "systemd" ];
      };
    };

    networking.nameservers = [ "192.168.1.2" ];

  };
}