{ config, ... }:
{
  programs.ssh = {
    enable = true;
    enableDefaultConfig = false;
    matchBlocks = {
      "*" = {
        forwardAgent = true;
        serverAliveInterval = 60;
        controlPersist = "30m";
        controlPath = "${config.home.homeDirectory}/.ssh/sockets/S.%r@%h:%p";
        controlMaster = "auto";
      };
      "rivendell" = {
        hostname = "192.168.1.114";
      };
      "riv-unlock" = {
        hostname = "192.168.1.114";
        user = "root";
        port = 911;
      };
      "nas" = {
        hostname = "192.168.1.68";
      };
      "bree" = {
        hostname = "192.168.1.50";
      };
      "argonath" = {
        hostname = "fcuny.net";
      };
      "github.com" = {
        hostname = "github.com";
        user = "git";
        forwardAgent = false;
        extraOptions = {
          preferredAuthentications = "publickey";
          controlMaster = "no";
          controlPath = "none";
        };
      };
    };
  };

  home.file = {
    # we need this path to be created so that the control path can be used.
    ".ssh/sockets/.keep".text = "# Managed by Home Manager";
  };
}