Diffstat (limited to '')
-rw-r--r--modules/by-name/ss/ssh/module.nix34
1 files changed, 23 insertions, 11 deletions
diff --git a/modules/by-name/ss/ssh/module.nix b/modules/by-name/ss/ssh/module.nix
index 91cc4aeb..f7218e36 100644
--- a/modules/by-name/ss/ssh/module.nix
+++ b/modules/by-name/ss/ssh/module.nix
@@ -14,6 +14,18 @@
   ...
 }: let
   cfg = config.soispha.programs.ssh;
+
+  mkDefaultMatchBlock = userKnownHostsFile: {
+    addKeysToAgent = "no";
+    compression = true;
+    controlMaster = "no";
+    controlPersist = "no";
+    forwardAgent = false;
+    hashKnownHosts = false;
+    serverAliveCountMax = 3;
+    serverAliveInterval = 240;
+    inherit userKnownHostsFile;
+  };
 in {
   options.soispha.programs.ssh = {
     enable = lib.mkEnableOption "ssh config";
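Review bot: `mkDefaultMatchBlock` has no comment saying why it restates these options. The second hunk sets `enableDefaultConfig = false` for both users, so this attrset is presumably now the only place that keeps `forwardAgent = false` and `addKeysToAgent = "no"` in force. I would add a comment above the binding such as `# Explicit defaults for matchBlocks."*" (enableDefaultConfig is off); keep agent forwarding and agent key loading disabled here.` A short why-comment on `hashKnownHosts = false` would also help, since it leaves host names in clear text in the known-hosts file and a later reader may take it for an oversight.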
@@ -34,21 +46,21 @@ in {
     home-manager.users = {
       root.programs.ssh = {
         enable = true;
-        compression = true;
-        hashKnownHosts = false;
-        serverAliveInterval = 240;
-        userKnownHostsFile = builtins.toString (pkgs.writeTextFile {
-          name = "root-known-hosts";
-          text = cfg.rootKnownHosts;
-        });
+        enableDefaultConfig = false;
+
+        matchBlocks."*" = mkDefaultMatchBlock (
+          builtins.toString (pkgs.writeTextFile {
+            name = "root-known-hosts";
+            text = cfg.rootKnownHosts;
+          })
+        );
       };
 
       soispha.programs.ssh = {
         enable = true;
-        compression = true;
-        hashKnownHosts = false;
-        serverAliveInterval = 240;
-        userKnownHostsFile = "${config.home-manager.users.soispha.xdg.dataHome}/ssh/known_hosts";
+        enableDefaultConfig = false;
+
+        matchBlocks."*" = mkDefaultMatchBlock "${config.home-manager.users.soispha.xdg.dataHome}/ssh/known_hosts";
       };
     };
   };
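Review bot: Root's `matchBlocks."*"` still points `userKnownHostsFile` at the output of `pkgs.writeTextFile`, which is a read-only store path, so ssh cannot record a key for any host missing from `cfg.rootKnownHosts`. Nothing in the hunk sets StrictHostKeyChecking, so assuming it stays at the OpenSSH default, root gets the interactive host-key prompt on every connection to such a host and the answer is never persisted. Since root's host keys are already pinned declaratively, failing closed would match that intent: `matchBlocks."*" = mkDefaultMatchBlock (…) // { extraOptions.StrictHostKeyChecking = "yes"; };`. Whether root has to reach hosts outside the pinned list is not visible in this diff, so confirm that before tightening.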