# SSH client defaults, applied only when `config.local.environ.enable` is set.
# The option names used here (programs.ssh.*, systemd.user.tmpfiles.rules)
# look like Home Manager options -- NOTE(review): confirm against the importing
# configuration.
{ config, lib, pkgs, ... }:

let
  cfg = config.local.environ;
in
{
  config = lib.mkIf cfg.enable {
    programs.ssh = {
      enable = true;
      compression = true;

      # Connection multiplexing. "autoask" opens a master connection
      # opportunistically, and ssh_config(5) documents that it asks for
      # confirmation before another session may reuse it. This limits silent
      # reuse of an already authenticated channel.
      controlMaster = "autoask";

      # Control socket path. ssh_config(5) tokens: %i = local uid,
      # %r = remote user, %n = host name as typed on the command line,
      # %p = remote port.
      # The socket is as sensitive as the authenticated session it fronts, so
      # it is kept in the private per-user directory created by the tmpfiles
      # rule at the bottom of this file.
      # NOTE(review): this hard-codes /run/user/<uid>, while the tmpfiles rule
      # uses %t. The two agree only if the user runtime directory really is
      # /run/user/<uid> -- confirm on hosts with a non-default setup.
      controlPath = "/run/user/%i/ssh/master-%r@%n:%p";

      # Keys are handed to the running ssh-agent on first use and no lifetime
      # is set here, so an unlocked key stays usable by anything that can
      # reach the agent socket until it is removed or the agent exits.
      # ssh_config(5) also accepts "confirm" or a time interval for this
      # option if a tighter policy is wanted.
      extraOptionOverrides = {
        AddKeysToAgent = "true";
      };

      # Per-host settings come from a sibling file that is not visible here.
      # NOTE(review): check it for agent forwarding, which would extend the
      # reach of the agent-held keys to remote hosts.
      matchBlocks = import ./ssh-match.nix;
    };

    # Create the socket directory with mode 0700 (owner-only access).
    # In tmpfiles.d(5), %t is the runtime directory; for user-level rules
    # that is $XDG_RUNTIME_DIR.
    systemd.user.tmpfiles.rules = [
      "d %t/ssh 0700"
    ];
  };
}