{ lib, config, ... }:
{
  options.deploy.address = lib.mkOption {
    type = lib.types.str;
    default = config.networking.hostName;
  };
  config = {
    services.openssh.enable = true;
    security = {
      sudo.execWheelOnly = true;
      pam = {
        sshAgentAuth.enable = true;
        services.sudo.sshAgentAuth = true;
      };
    };
  };
}