{ config, lib, pkgs, ... }:
{
  boot.isContainer = true;
  networking.firewall.allowedTCPPorts = [ 22 ];
  services = {
    openssh.enable = lib.mkDefault true;
    openssh.passwordAuthentication = false;
  };
  system.activationScripts.installInitScript = ''
    ln -fs $systemConfig/init /init
    mkdir -p /sbin/init || true
    ln -fs $systemConfig/init /sbin/init
  '';
  boot.specialFileSystems = {
    "/dev/pts" = {
      options = lib.mkAfter [ "ptmxmode=666" ];
    };
  };
}