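# Home Manager module: installs the YubiKey public key and its SSH certificate
# into ~/.ssh and generates per-host OpenSSH client match blocks.
{ config, pkgs, ... }:
let
  # Settings shared by every host below; individual hosts extend or override
  # them with `//`.
  defaultBlock = {
    # Offer only the identities configured here, not every key the agent holds.
    identitiesOnly = true;
    # Points at the *public* key; ssh uses it to select the matching identity
    # from the agent. Presumably the private half lives on the YubiKey -- confirm.
    identityFile = "~/.ssh/id_rsa_yubikey.pub";
    certificateFile = "~/.ssh/id_rsa_yubikey-cert.pub";
    # NOTE(review): while a session with a forwarded agent is open, anyone with
    # root on the remote host can ask the agent to sign with the loaded keys.
    # Keep this only for hosts that really need it; where forwarding is used
    # just to hop to another machine, `proxyJump` avoids exposing the agent.
    forwardAgent = true;
    port = 22;
  };

  # Public Git forges never need a forwarded agent (no interactive shell is
  # involved), so the agent socket is not offered to them.
  noAgentForwarding = {
    forwardAgent = false;
  };
in
{
  # Only public material (public key + certificate) is copied from the repo.
  home.file.".ssh/id_rsa_yubikey.pub".source = ./id_rsa_yubikey.pub;
  home.file.".ssh/id_rsa_yubikey-cert.pub".source = ./id_rsa_yubikey-cert.pub;

  programs.ssh = {
    enable = true;
    matchBlocks = {
      "github.com" = defaultBlock // noAgentForwarding;

      "opnsense" = defaultBlock // {
        hostname = "10.0.0.1";
      };
      "openwrt" = defaultBlock // {
        user = "root";
        hostname = "10.0.0.15";
      };

      # Hosts below set no `hostname`, so the alias itself is what gets resolved.
      "suricata" = defaultBlock;
      "lb" = defaultBlock;
      "kitchen" = defaultBlock;
      "capibara" = defaultBlock;
      "pikvm" = defaultBlock;
      "narwhal" = defaultBlock;
      "trantor" = defaultBlock;
      "axolotl" = defaultBlock;
      "caladan" = defaultBlock;
      "fugu" = defaultBlock;

      # NOTE(review): this block still inherits `certificateFile` from
      # defaultBlock, although the YubiKey certificate does not belong to
      # bitbucket_rsa -- confirm whether it should be offered to this host.
      "bitbucket.org" = defaultBlock // noAgentForwarding // {
        user = "git";
        identityFile = "~/.ssh/bitbucket_rsa";
      };
    };
  };
}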