{ pkgs, config, ... }:
{
  # https://github.com/nix-community/home-manager/blob/master/modules/programs/ssh.nix
  programs.ssh = {
    enable = true;
    forwardAgent = true;
    serverAliveInterval = 60;
    controlMaster = "auto";
    controlPersist = "30m";
    controlPath = "${config.home.homeDirectory}/.ssh/sockets/S.%r@%h:%p";

    matchBlocks = {
      "git.fcuny.net" = {
        proxyCommand = "${pkgs.cloudflared}/bin/cloudflared access ssh --hostname %h";
      };
      "github.com" = {
        hostname = "github.com";
        user = "git";
        forwardAgent = false;
        extraOptions = {
          preferredAuthentications = "publickey";
          controlMaster = "no";
          controlPath = "none";
        };
      };
    };
  };

  home.file = {
    # we need this path to be created so that the control path can be used.
    ".ssh/sockets/.keep".text = "# Managed by Home Manager";
  };
}