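# SSH client configuration expressed as a `programs.ssh` module (the option
# names match Home Manager's programs.ssh). Declares global client defaults
# plus one match block per known host, each pinned to a single identity file.
{ ... }:

let
  # builtins.getEnv is impure: under pure evaluation (e.g. flakes) it returns
  # "", which would turn every identityFile below into "/.ssh/<key>". Fall
  # back to "~", which ssh itself expands for IdentityFile, so the generated
  # config stays valid either way.
  envHome = builtins.getEnv "HOME";
  homedir = if envHome == "" then "~" else envHome;
in {
  programs.ssh = {
    controlMaster = "auto";
    enable = true;
    # Agent forwarding is off by default and enabled per host below. The
    # global setting applies to every destination, including hosts with no
    # match block, and anyone with root on a destination can use the
    # forwarded agent socket to authenticate as you for the session's
    # lifetime. Add `forwardAgent = true;` to an individual match block
    # where it is needed.
    forwardAgent = false;
    extraConfig = ''
      # this never works, i just get a warning when i ssh
      # RemoteForward %d/.gnupg/S.gpg-agent ''${HOME}/.gnupg/S.gpg-agent.extra
    '';
    matchBlocks = {
      # groq
      "bsima" = {
        hostname = "bsima"; # must be on vpn
        user = "bsima";
        identityFile = [ "${homedir}/.ssh/groq" ];
        # Offer only the key listed above, not every key the agent holds.
        identitiesOnly = true;
        # The only host that explicitly opts in to agent forwarding.
        forwardAgent = true;
        extraOptions = {
          #"RemoteCommand" = "tmux -CC new -As0";
          # Always allocate a TTY, even when a command is given.
          "RequestTTY" = "force";
        };
      };

      # simatime
      # NOTE(review): id_rsa is shared by sabten (root login), serval and
      # lithium; a dedicated key per host, as already done for groq, gerrit
      # and platonic, would limit what a single leaked key can reach.
      "sabten" = {
        hostname = "142.93.81.26";
        user = "root";
        identityFile = [ "${homedir}/.ssh/id_rsa" ];
        identitiesOnly = true;
      };
      "serval.simatime.com" = {
        hostname = "serval.simatime.com";
        user = "ben";
        identityFile = [ "${homedir}/.ssh/id_rsa" ];
        identitiesOnly = true;
      };
      #"simatime.com" = {
      #  hostname = "simatime.com";
      #  user = "git";
      #  identitiesOnly = true;
      #  extraOptions = {
      #    # PKCS11Provider = "/run/current-system/sw/lib/opensc-pkcs11.so";
      #  };
      #};
      "gerrit.simatime.com" = {
        hostname = "gerrit.simatime.com";
        user = "bsima";
        identityFile = [ "${homedir}/.ssh/gerrit.simatime.com" ];
        identitiesOnly = true;
      };
      "lithium" = {
        hostname = "192.168.1.9";
        user = "ben";
        identityFile = [ "${homedir}/.ssh/id_rsa" ];
        identitiesOnly = true;
      };
      #"dev.simatime.com" = {
      #  user = "ben";
      #  identityFile = [ "${homedir}/.ssh/id_rsa" ];
      #  identitiesOnly = true;
      #};
      "git.platonic.systems" = {
        hostname = "git.platonic.systems";
        user = "git";
        identityFile = [ "${homedir}/.ssh/platonic.systems" ];
        identitiesOnly = true;
      };
    };
  };
}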