{ osConfig, ... }:

let
  host = "index";
  address = "192.168.1.2";

  agentPath = "/run/user/${toString osConfig.users.users.encode42.uid}/gnupg/S.gpg-agent";
  remoteForwards = [
    {
      bind.address = agentPath;
      host.address = agentPath + ".extra";
    }
  ];
in
{
  programs.ssh = {
    enable = true;
    enableDefaultConfig = false;

    matchBlocks = {
      "index-local" = {
        inherit remoteForwards;

        match = "host ${host} exec 'ping -c1 -W0.5 ${address} >/dev/null 2>&1'";
        hostname = address;

        forwardAgent = true;
      };

      "index-remote" = {
        inherit host remoteForwards;

        hostname = "encrypted.group";

        forwardAgent = true;
      };
    };
  };
}