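# Home Manager module: OpenSSH client configuration (programs.ssh).
#
# Every match block sets identitiesOnly = true, so ssh offers only the key
# listed for that host instead of trying every key it can find.
# Note that ~/.ssh/id_rsa is shared by several hosts below; rotating or
# losing that one key affects all of them.
{ ... }:

let
  # ssh expands "~" in IdentityFile to the invoking user's home directory.
  # The previous builtins.getEnv "HOME" returns "" under pure evaluation,
  # which would have rendered the key paths as "/.ssh/<key>".
  sshDir = "~/.ssh";
in {
  programs.ssh = {
    # Multiplex sessions to the same host over one shared connection.
    controlMaster = "auto";
    enable = true;
    # Agent forwarding stays off globally. A forwarded agent can be used by
    # anyone with sufficient privileges on the remote host to authenticate
    # as this user for as long as the connection is open, so it is enabled
    # only in the match blocks that need it (currently "bsima").
    forwardAgent = false;
    matchBlocks = {
      "github.com" = {
        hostname = "github.com";
        user = "git";
        identityFile = [ "${sshDir}/id_rsa" ];
        identitiesOnly = true;
      };

      # groq
      "bsima" = {
        hostname = "bsima"; # must be on vpn
        user = "bsima";
        identityFile = [ "${sshDir}/groq" ];
        identitiesOnly = true;
        # Explicit per-host opt-in to agent forwarding.
        forwardAgent = true;
        extraOptions = {
          #"RemoteCommand" = "tmux -CC new -As0";
          "RequestTTY" = "force";
        };
      };

      # simatime
      "sabten" = {
        hostname = "142.93.81.26";
        # NOTE(review): direct root login; an unprivileged account would
        # limit what a stolen key can do. Confirm whether root is required.
        user = "root";
        identityFile = [ "${sshDir}/id_rsa" ];
        identitiesOnly = true;
      };
      "serval.simatime.com" = {
        hostname = "serval.simatime.com";
        user = "ben";
        identityFile = [ "${sshDir}/id_rsa" ];
        identitiesOnly = true;
      };
      "simatime.com" = {
        hostname = "simatime.com";
        user = "git";
        identityFile = [ "${sshDir}/id_rsa" ];
        identitiesOnly = true;
      };
      "gerrit.simatime.com" = {
        hostname = "gerrit.simatime.com";
        user = "bsima";
        identityFile = [ "${sshDir}/gerrit.simatime.com" ];
        identitiesOnly = true;
      };
      "lithium" = {
        hostname = "192.168.1.9";
        user = "ben";
        identityFile = [ "${sshDir}/id_rsa" ];
        identitiesOnly = true;
      };
      # No hostname override: ssh connects to the alias itself.
      "dev.simatime.com" = {
        user = "ben";
        identityFile = [ "${sshDir}/id_rsa" ];
        identitiesOnly = true;
      };
      "git.platonic.systems" = {
        hostname = "git.platonic.systems";
        user = "git";
        identityFile = [ "${sshDir}/platonic.systems" ];
        identitiesOnly = true;
      };
    };
  };
}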