{ lib, config, ... }: let cfg = config.snowhawk.ssh; sops = config.snowhawk.sops.enable; secrets = config.sops.secrets; ifSops = lib.mkIf sops; keyPathIfSops = key: ifSops secrets.${"private_keys/" + key}.path; in { options.snowhawk.ssh = { enable = lib.mkEnableOption "ssh"; homeNetwork = lib.mkEnableOption "include local hostnames for home network devices"; }; config = let sshDir = config.home.homeDirectory + "/.ssh"; in lib.mkIf cfg.enable { programs.ssh = { enable = true; includes = [ "conf.d/*" ]; matchBlocks = { "git.zynh.me" = { hostname = "git.zynh.me"; user = "git"; port = 2221; identityFile = keyPathIfSops "personal_git"; }; snowhawk = { hostname = "192.168.0.21"; user = "ravenshade"; proxyJump = "zynh@msiserver"; identityFile = keyPathIfSops "snowhawk"; }; msiserver = { hostname = "scarlet.zynh.me"; user = "zynh"; identityFile = keyPathIfSops "msiserver"; }; "msiserver.local" = lib.mkIf cfg.homeNetwork { hostname = "msiserver"; user = "zynh"; identityFile = keyPathIfSops "msiserver"; }; caveserver = { identityFile = keyPathIfSops "caveserver"; }; }; }; sops.secrets = ifSops { "private_keys/msiserver" = { }; "private_keys/caveserver" = { }; "private_keys/snowhawk" = { }; "private_keys/personal_git" = { }; "ssh_hosts/caveserver".path = "${sshDir}/conf.d/caveserver_config"; }; }; }