# Home-manager style module that declares `eboskma.programs.ssh.enable` and,
# when it is set, writes a hardened OpenSSH client configuration plus a set of
# per-host match blocks.
{ pkgs, config, lib, ... }:
let
  inherit (lib) mkEnableOption mkIf;

  cfg = config.eboskma.programs.ssh;

  # Connection multiplexing shared by the `home` and `horus` blocks: the first
  # connection becomes the master and is kept open for 5 minutes after the last
  # session closes. While the master is alive, new sessions to that host reuse
  # it without authenticating again, so the control socket must stay private
  # to this user.
  connectionSharing = {
    ControlMaster = "auto";
    ControlPersist = "5m";
  };

  # Defaults applied to every host ("*").
  defaultBlock = {
    identityFile = "~/.ssh/id_ed25519";
    # Offer only the identity configured above instead of every key the agent
    # holds; this avoids disclosing unrelated public keys to servers.
    identitiesOnly = true;

    # Explicit algorithm allow-lists. Only AEAD/CTR ciphers, encrypt-then-MAC
    # MACs, and Ed25519 / RSA-SHA2 host keys appear; nothing outside these
    # lists is negotiated.
    # NOTE(review): these lists are pinned, so algorithms added by newer
    # OpenSSH releases are not picked up until the lists are edited; revisit
    # them when upgrading. chacha20-poly1305 and the *-etm MACs are the modes
    # affected by the Terrapin prefix-truncation issue; confirm that client
    # and servers support strict key exchange.
    extraOptions = {
      Ciphers = "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr";
      KexAlgorithms = "curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256";
      MACs = "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com";
      HostKeyAlgorithms = "ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com";
    };
  };
in
{
  options.eboskma.programs.ssh = {
    enable = mkEnableOption "activate ssh";
  };

  config = mkIf cfg.enable {
    programs.ssh = {
      enable = true;
      # Store hashed host names in known_hosts so the file does not list the
      # hosts this account connects to in clear text.
      hashKnownHosts = true;

      # NOTE(review): ssh uses the first value it obtains for each option, so
      # the relative order of "*" and the host blocks matters once a host
      # block overrides one of the defaults. No host block below does, so the
      # order is currently irrelevant; confirm how the module orders blocks
      # before adding per-host overrides.
      matchBlocks = {
        "*" = defaultBlock;

        home = {
          host = "home";
          hostname = "10.0.0.2";
          extraOptions = connectionSharing;
        };

        # Reached through `home` as a jump host.
        horus = {
          host = "horus";
          hostname = "10.1.0.2";
          proxyJump = "home";
          extraOptions = connectionSharing;
        };

        proxy = {
          hostname = "10.0.0.251";
        };

        "git.datarift.nl" = {
          hostname = "10.0.0.201";
        };

        fluiddpi = {
          hostname = "10.0.0.120";
          user = "pi";
        };

        horus-vpn = {
          hostname = "192.168.4.202";
        };

        # Agent forwarding lets the remote host use the local agent for as
        # long as the session is open, so anyone with sufficient privileges
        # on that host can authenticate as this user elsewhere during that
        # time.
        # NOTE(review): keep this limited to hosts that are fully trusted;
        # consider a jump-host setup or an agent that confirms each use if
        # forwarding is only needed to reach further hosts.
        "repohost.bedum.horus.nu" = {
          forwardAgent = true;
        };
      };
    };
  };
}