nix-config/home/ssh/default.nix

{ config, pkgs, ... }:

{
  home.file.".ssh/id_rsa_yubikey.pub".source = ./id_rsa_yubikey.pub;
  home.file.".ssh/id_rsa_yubikey-cert.pub".source = ./id_rsa_yubikey-cert.pub;
  programs.ssh = {
    enable = true;
    matchBlocks = {

      "github.com" = {
        identitiesOnly = true;
        identityFile = "~/.ssh/id_rsa_yubikey.pub";
      };

      "openwrt" = {
        identitiesOnly = true;
        identityFile = "~/.ssh/id_rsa_yubikey.pub";
        forwardAgent = true;
        user = "root";
      };

      "narwhal" = {
        identitiesOnly = true;
        identityFile = "~/.ssh/id_rsa_yubikey.pub";
        certificateFile = "~/.ssh/id_rsa_yubikey-cert.pub";
        forwardAgent = true;
        port = 22;
      };

      "trantor" = {
        identitiesOnly = true;
        identityFile = "~/.ssh/id_rsa_yubikey.pub";
        certificateFile = "~/.ssh/id_rsa_yubikey-cert.pub";
        forwardAgent = true;
        port = 22;
      };

      "axolotl" = {
        identitiesOnly = true;
        identityFile = "~/.ssh/id_rsa_yubikey.pub";
        certificateFile = "~/.ssh/id_rsa_yubikey-cert.pub";
        forwardAgent = true;
        port = 22;
      };

      "caladan" = {
        identitiesOnly = true;
        identityFile = "~/.ssh/id_rsa_yubikey.pub";
        certificateFile = "~/.ssh/id_rsa_yubikey-cert.pub";
        forwardAgent = true;
        port = 22;
      };

      "fugu" = {
        identitiesOnly = true;
        identityFile = "~/.ssh/id_rsa_yubikey.pub";
        certificateFile = "~/.ssh/id_rsa_yubikey-cert.pub";
        forwardAgent = true;
        port = 22;
      };

      "bitbucket.org" = {
        user = "git";
        identitiesOnly = true;
        identityFile = "~/.ssh/bitbucket_rsa";
        port = 22;
      };

    };
  };
}