{ lib, config, ... }:
let
  # Option values of this module and the sops toggle it depends on.
  sshCfg = config.snowhawk.ssh;
  sopsEnabled = config.snowhawk.sops.enable;

  # Only set the wrapped value while sops-managed secrets are enabled.
  whenSops = lib.mkIf sopsEnabled;

  # Decrypted path of the private key `name` from the "private_keys/"
  # sops namespace declared below. Left unset when sops is off, so ssh
  # falls back to its default identity search for that host.
  keyFor = name: whenSops config.sops.secrets."private_keys/${name}".path;

  # Per-user ssh directory; drop-in host configs live in its conf.d/.
  sshDir = "${config.home.homeDirectory}/.ssh";

  # Names of the per-host private keys handed out by sops.
  keyNames = [ "msiserver" "caveserver" "snowhawk" "personal_git" "github" ];
in
{
  options.snowhawk.ssh = {
    enable = lib.mkEnableOption "ssh";
    homeNetwork = lib.mkEnableOption "include local hostnames for home network devices";
  };

  config = lib.mkIf sshCfg.enable {
    programs.ssh = {
      enable = true;
      # Drop-in host stanzas; the caveserver one is delivered as a sops
      # secret into this directory (see sops.secrets below).
      includes = [ "conf.d/*" ];

      # One block per host, each pinned to a dedicated identity file so ssh
      # offers only that key to that host. No entry refers to a sibling, so
      # the set does not need to be recursive.
      matchBlocks = {
        "git.zynh.me" = {
          hostname = "git.zynh.me";
          user = "git";
          port = 2221;
          identityFile = keyFor "personal_git";
        };

        "github.com" = {
          hostname = "github.com";
          user = "git";
          identityFile = keyFor "github";
        };

        # Reached through permafrost as a jump host.
        snowhawk = {
          hostname = "192.168.0.22";
          user = "ravenshade";
          proxyJump = "ravenshade@permafrost";
          identityFile = keyFor "snowhawk";
        };

        permafrost = {
          hostname = "scarlet.zynh.me";
          user = "zynh";
          identityFile = keyFor "msiserver";
        };

        # Local-network alias for the same machine; only defined when
        # homeNetwork is enabled.
        "msiserver.local" = lib.mkIf sshCfg.homeNetwork {
          hostname = "permafrost";
          user = "zynh";
          identityFile = keyFor "msiserver";
        };

        # No hostname here; presumably supplied by the sops-delivered
        # conf.d/caveserver_config stanza — confirm against that secret.
        caveserver = {
          identityFile = keyFor "caveserver";
        };

        # NOTE(review): reuses the snowhawk key rather than a dedicated one —
        # confirm the key sharing is intended.
        virtmsi = {
          hostname = "192.168.122.76";
          identityFile = keyFor "snowhawk";
        };
      };
    };

    # Declare the secrets referenced above (default sops-nix placement and
    # permissions), plus the caveserver host stanza decrypted straight into
    # the ssh include directory.
    sops.secrets = whenSops (
      lib.genAttrs (map (k: "private_keys/${k}") keyNames) (_: { })
      // {
        "ssh_hosts/caveserver".path = "${sshDir}/conf.d/caveserver_config";
      }
    );
  };
}