1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

{ config, ... }:
{
  programs.ssh = {
    enable = true;
    includes = [ config.age.secrets.ssh-config.path ];
    extraConfig = ''
      IdentitiesOnly yes
    '';
    # TODO modify this? This is what the old defaults were.
    enableDefaultConfig = false;
    matchBlocks."*" = {
      forwardAgent = false;
      addKeysToAgent = "no";
      compression = false;
      serverAliveInterval = 0;
      serverAliveCountMax = 3;
      hashKnownHosts = false;
      userKnownHostsFile = "~/.ssh/known_hosts";
      controlMaster = "no";
      controlPath = "~/.ssh/master-%r@%n:%p";
      controlPersist = "no";
    };
  };
  services.ssh-agent.enable = true;
}