# Home-manager module: SSH client configuration for the `snowhawk.ssh` option set.
#
# When `snowhawk.ssh.enable` is true this module:
#   * turns on `programs.ssh` and declares per-host match blocks, and
#   * declares sops secrets whose `path` values point into ~/.ssh.
{ lib, config, ... }:
let
  cfg = config.snowhawk.ssh;
  home = config.home.homeDirectory;

  # Absolute path of a file below the user's ~/.ssh directory.
  inSshDir = name: "${home}/.ssh/${name}";
in
{
  options.snowhawk.ssh = {
    enable = lib.mkEnableOption "ssh";
    # Opt-in: adds the "msiserver.local" match block below.
    homeNetwork = lib.mkEnableOption "include local hostnames for home network devices";
  };

  config = lib.mkIf cfg.enable {
    programs.ssh = {
      enable = true;

      # Every file matching conf.d/* is pulled into the SSH client config.
      # The "ssh_hosts/caveserver" secret below is written into that directory,
      # so anything able to create files there can add client configuration.
      # NOTE(review): confirm ~/.ssh/conf.d is writable only by this user.
      includes = [ "conf.d/*" ];

      # NOTE(review): no block sets `identitiesOnly`, so ssh may offer other
      # agent-held keys in addition to the listed identityFile. Confirm this is
      # intended before relying on one-key-per-host separation.
      matchBlocks = {
        # NOTE(review): personal_git is not declared under sops.secrets in this
        # module; presumably it is provisioned elsewhere. Verify.
        "git.zynh.me" = {
          hostname = "git.zynh.me";
          user = "git";
          port = 2221;
          identityFile = inSshDir "personal_git";
        };

        msiserver = {
          hostname = "scarlet.zynh.me";
          user = "zynh";
          identityFile = inSshDir "msiserver";
        };

        # Only emitted when the homeNetwork option is enabled; uses the same
        # key file as the msiserver block.
        "msiserver.local" = lib.mkIf cfg.homeNetwork {
          hostname = "msiserver";
          user = "zynh";
          identityFile = inSshDir "msiserver";
        };

        # Only the key is set here. Presumably hostname and user come from the
        # conf.d/caveserver_config secret declared below. TODO confirm.
        caveserver = {
          identityFile = inSshDir "caveserver";
        };
      };
    };

    # Secrets managed by sops; each `path` is where the secret is expected
    # to appear. The key paths match the identityFile values above.
    sops.secrets = {
      "private_keys/msiserver".path = inSshDir "msiserver";
      "private_keys/caveserver".path = inSshDir "caveserver";
      "ssh_hosts/caveserver".path = inSshDir "conf.d/caveserver_config";
    };
  };
}