{ ... }:

{
  services.ssh-agent.enable = true;

  home.sessionVariables = {
    SSH_AUTH_SOCK = "$XDG_RUNTIME_DIR/ssh-agent";
  };

  programs.ssh = {
    enable = true;
    enableDefaultConfig = false;
    matchBlocks = {
      "*" = {
        identitiesOnly = true;
      };

      include ./ssh-hosts.nix
    };
  };
}