{config, lib, pkgs, inputs, ...}:
let cfg = config.profiles.ssh;
in {
  options.profiles.ssh.enable =
    lib.mkEnableOption "SSH configuration (keys not included)";
  config = lib.mkIf cfg.enable {
    services.ssh-agent.enable = true;
    programs.ssh = {
      enable = true;
      enableDefaultConfig = false;
      matchBlocks = {
        "*" = {
          addKeysToAgent = "yes";
          identitiesOnly = true;
        };
        anubis = {
          hostname = "anubis.bahamut.monster";
          user = "root";
          identityFile = "~/.ssh/id_ed25519";
          forwardAgent = true;
        };
        uruk = {
          user = "joshua";
          identityFile = "~/.ssh/id_ed25519";
          forwardAgent = true;
        };
        github = {
          hostname = "github.com";
          user = "git";
          identityFile = "~/.ssh/id_ed25519";
        };
        tangled = {
          hostname = "tangled.org";
          user = "git";
          identityFile = "~/.ssh/id_ed25519";
        };
      };
    };
  };
}