{ config, ... }:
{
  programs.ssh = {
    enable = true;
    enableDefaultConfig = false;
    matchBlocks = {
      "*" = {
        controlMaster = "auto";
        controlPath = "${config.home.homeDirectory}/.ssh/sockets/S.%r@%h:%p";
        controlPersist = "30m";
        forwardAgent = false;
        identitiesOnly = true;
        identityAgent = "none";
        identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519_sk_rk";
        serverAliveInterval = 60;
      };
      "riv" = {
        hostname = "192.168.1.114";
      };
      "riv-unlock" = {
        hostname = "192.168.1.114";
        user = "root";
        port = 911;
      };
      "nas" = {
        hostname = "192.168.1.68";
      };
      "nnas" = {
        hostname = "192.168.1.68";
        user = "nas";
      };
      "bree" = {
        hostname = "192.168.1.50";
      };
      "argonath" = {
        hostname = "fcuny.net";
      };
      "github.com" = {
        hostname = "github.com";
        user = "git";
        extraOptions = {
          controlMaster = "no";
          controlPath = "none";
        };
      };
    };
  };

  home.file = {
    # we need this path to be created so that the control path can be used.
    ".ssh/sockets/.keep".text = "# Managed by Home Manager";
  };
}