# Home-manager module: OpenSSH client configuration for the "snowhawk" host,
# with per-host identity files and an extra include file delivered by sops.
# Everything sops-related is wrapped in mkIf so the module still evaluates
# with sops disabled (the mkIf body is never forced in that case).
{ lib, config, ... }:
let
  cfg = config.snowhawk.ssh;
  sopsEnabled = config.snowhawk.sops.enable;
  secrets = config.sops.secrets;
  ifSops = lib.mkIf sopsEnabled;

  # Decrypted path of the "private_keys/<name>" sops secret, or left unset
  # (mkIf false) when sops is disabled.
  privateKey = name: ifSops secrets."private_keys/${name}".path;

  sshDir = "${config.home.homeDirectory}/.ssh";
in
{
  options.snowhawk.ssh = {
    enable = lib.mkEnableOption "ssh";
    homeNetwork = lib.mkEnableOption "include local hostnames for home network devices";
  };

  config = lib.mkIf cfg.enable {
    programs.ssh = {
      enable = true;

      # Relative to ~/.ssh; this is where the sops-managed
      # "ssh_hosts/caveserver" file below is placed.
      includes = [ "conf.d/*" ];

      matchBlocks = {
        "git.zynh.me" = {
          hostname = "git.zynh.me";
          user = "git";
          port = 2221;
          identityFile = privateKey "personal_git";
        };

        snowhawk = {
          identityFile = privateKey "snowhawk";
        };

        # Same key for the public and the home-network alias of msiserver.
        msiserver = {
          hostname = "scarlet.zynh.me";
          user = "zynh";
          identityFile = privateKey "msiserver";
        };

        "msiserver.local" = lib.mkIf cfg.homeNetwork {
          hostname = "msiserver";
          user = "zynh";
          identityFile = privateKey "msiserver";
        };

        caveserver = {
          identityFile = privateKey "caveserver";
        };
      };
    };

    # Secrets only exist when sops is enabled.  The key secrets use default
    # attributes; the caveserver host config is written straight into the
    # ssh include directory.
    # NOTE(review): ssh only accepts user config files that are owned by the
    # user and not group/world-writable, and an include file read as ssh
    # config is as trusted as ~/.ssh/config itself -- confirm the mode sops
    # uses for "ssh_hosts/caveserver" keeps it owner-only.
    sops.secrets = ifSops {
      "private_keys/msiserver" = { };
      "private_keys/caveserver" = { };
      "private_keys/snowhawk" = { };
      "private_keys/personal_git" = { };
      "ssh_hosts/caveserver".path = "${sshDir}/conf.d/caveserver_config";
    };
  };
}