{ pkgs, ... }@all: with all; {
  home.packages = with pkgs; [ sshfs ];
  programs.ssh = {
    enable = true;
    package = pkgs.openssh;
    addKeysToAgent = "yes";
    matchBlocks = let
      nxace = name: {
        host = name;
        hostname = "ssh.${hyper.domain}";
        user = hyper.user;
        port = 50022;
        identityFile = "${hyper.home}/vault/ssh/nxace-nx2-${hyper.host}";
      };
    in {
      "*" = {
        identityFile = [
          "${hyper.home}/vault/ssh/nxgit-nx2-${hyper.host}"
          "${hyper.home}/vault/ssh/github-noggynoggy-${hyper.host}"
        ];
      };
      "nxace" = nxace "nxace";
      "nxacel" = (nxace "nxacel") // { hostname = "10.0.1.1"; };
      "nxrpli" = (nxace "nxrpil") // { hostname = "10.0.1.31"; port = 22; };
      "nxgit" = (nxace "nxgit") // {
        user = "git";
        identityFile = "${hyper.home}/vault/ssh/nxgit-nx2-${hyper.host}";
        # addKeysToAgent = "1h";
      };
    };
  };
  services.ssh-agent = {
    enable = true;
    # socket = "ssh-agent"; # suffix to $XDG_RUNTIME_DIR
    # package = pkgs.openssh;
  };
}