{ lib, ... }:
{
  programs.ssh = {
    enable = true;
    enableDefaultConfig = false;

    matchBlocks."*" = {
      addKeysToAgent = lib.mkDefault "yes";
      compression = lib.mkDefault false;
      controlMaster = lib.mkDefault "no";
      controlPath = lib.mkDefault "~/.ssh/master-%r@%n:%p";
      controlPersist = lib.mkDefault "no";
      forwardAgent = lib.mkDefault true;
      hashKnownHosts = lib.mkDefault false;
      serverAliveCountMax = lib.mkDefault 3;
      serverAliveInterval = lib.mkDefault 0;
      userKnownHostsFile = lib.mkDefault "~/.ssh/known_hosts";
    };
  };

  services.ssh-agent.enable = true;
}