nix-config/modules/nixos/hosts/candlekeep/ssh-hosts.nix

{ ... }:
{
  programs.ssh = {
    enable = true;
    hashKnownHosts = true;
    matchBlocks = {
      "router" = {
        hostname = "router.local.gwg313.xyz";
        user = "glen";
        identityFile = "/home/gwg313/.ssh/home/id_ed25519";
      };
      "github.com" = {
        hostname = "github.com";
        identityFile = "/home/gwg313/.ssh/github/id_ed25519";
      };
      "candlekeep" = {
        hostname = "candlekeep.local.gwg313.xyz";
        user = "gwg313";
        identityFile = "/home/gwg313/.ssh/home/id_ed25519";
      };
      "candlekeep.zt" = {
        hostname = "candlekeep.zt"; # added to hosts in zerotier config
        user = "gwg313";
        identityFile = "/home/gwg313/.ssh/home/id_ed25519";
      };
      "grymforge" = {
        hostname = "grymforge.local.gwg313.xyz";
        user = "gwg313";
        identityFile = "/home/gwg313/.ssh/home/id_ed25519";
      };
      "grymforge.zt" = {
        hostname = "grymforge.zt"; # added to hosts in zerotier config
        user = "gwg313";
        identityFile = "/home/gwg313/.ssh/home/id_ed25519";
        extraOptions = {
          "VisualHostKey" = "no";
        };
      };

      "waypoint" = {
        hostname = "waypoint.local.gwg313.xyz";
        user = "root";
        identityFile = "/home/gwg313/.ssh/colmena/id_ed25519";
      };

      "seikan" = {
        hostname = "147.182.147.32";
        user = "root";
        identityFile = "/home/gwg313/.ssh/digital_ocean/id_ed25519";
      };

      "panopticon" = {
        hostname = "10.1.10.9";
        user = "root";
        identityFile = "/home/gwg313/.ssh/colmena/id_ed25519";
      };

      "vault-tec" = {
        hostname = "10.1.10.13";
        user = "root";
        identityFile = "/home/gwg313/.ssh/colmena/id_ed25519";
      };

      "qnx" = {
        hostname = "10.1.40.32";
        user = "qnxuser";
        identitiesOnly = true;
        identityFile = "/home/gwg313/.ssh/qnxuser";
        extraOptions = {
          "Ciphers" = "aes256-ctr";
        };
      };

      "qnxzt" = {
        hostname = "10.1.40.32";
        user = "qnxuser";
        identitiesOnly = true;
        identityFile = "/home/gwg313/.ssh/qnxuser";
        proxyJump = "grymforge.zt";
        extraOptions = {
          "Ciphers" = "aes256-ctr";
          "VisualHostKey" = "no";
        };
      };

      "qnxproj" = {
        hostname = "10.1.10.66";
        user = "qnxuser";
        identitiesOnly = true;
        identityFile = "/home/gwg313/.ssh/qnxuser";
        proxyJump = "bastion";
        extraOptions = {
          "Ciphers" = "aes256-ctr";
          "VisualHostKey" = "no";
        };
      };

      "bastion" = {
        hostname = "10.1.10.9";
        user = "bastion";
        identitiesOnly = true;
        identityFile = "/home/gwg313/.ssh/qnxuser";
      };
    };
  };
}