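# SSH client settings, the user-level ssh-agent, and a watchdog service that
# purges loaded identities after a fixed lifetime.  The system sshd stays off
# unless another module overrides the defaults set here.
{ config, lib, pkgs, username, ... }:
let
  # Socket of the home-manager user ssh-agent service, shared between the
  # shell session (SSH_AUTH_SOCK) and the watchdog below.
  # NOTE(review): home-manager's ssh-agent listens on $XDG_RUNTIME_DIR/ssh-agent
  # (normally /run/user/<uid>/ssh-agent); this path substitutes the username
  # for the literal "user" segment and hard-codes uid 1000 — confirm it resolves
  # on the target host, otherwise neither the shell nor the watchdog will reach
  # the agent.
  socket = "/run/${username}/1000/ssh-agent";
in
{
  hm = {
    programs.ssh = {
      enable = true;
      # Hash hostnames in known_hosts so the file does not reveal which hosts
      # this user connects to if it is ever read by a third party.
      hashKnownHosts = true;
      matchBlocks = {
        "cepheus" = {
          hostname = "nothing.run";
          user = "root";
          port = 22;
        };
      };
      # Enabled by default since OpenSSH 9.5; kept explicit for older clients.
      extraConfig = "ObscureKeystrokeTiming yes";
      # NOTE(review): agent forwarding applies to every host, so any remote
      # root can use the forwarded agent while a session is open.  Moving
      # `forwardAgent = true` into the "cepheus" match block would limit the
      # exposure to the one host that needs it.
      forwardAgent = true;
      addKeysToAgent = "yes";
    };
    services.ssh-agent.enable = true;
    home.sessionVariables = {
      # SSH_ASKPASS = lib.mkForce pkgs.kdePackages.ksshaskpass;
      SSH_AUTH_SOCK = socket;
    };
  };
  imp.home.dirs = [ ".ssh" ];
  # No inbound SSH on this machine unless another module explicitly enables it.
  services.openssh = {
    enable = lib.mkDefault false;
    openFirewall = lib.mkDefault false;
  };
  # Watchdog: once any identity is present in the agent, wait
  # SSH_AGENT_KEY_LIFETIME seconds and then remove every identity (ssh-add -D).
  systemd.user.services.ssh-agent-delete-keys =
    let
      ssh-add = "${pkgs.openssh}/bin/ssh-add";
      script = pkgs.writeShellScript "ssh-agent-delete-keys" ''
        while true; do
          # `ssh-add -l` exits 0 when identities are loaded, 1 when the agent
          # holds none, and 2 when the agent cannot be reached.  Testing the
          # exit status (instead of substring-matching stdout, which is empty
          # when the agent is unreachable) keeps a missing agent from being
          # mistaken for "keys present".
          if ${ssh-add} -l >/dev/null 2>&1; then
            echo "Detected adding of key: $(${ssh-add} -l)"
            sleep "$SSH_AGENT_KEY_LIFETIME"
            ${ssh-add} -D
            echo "Deleted the key: $(${ssh-add} -l)"
          fi
          sleep 2
        done
      '';
    in
    {
      enable = true;
      after = [ "ssh-agent.service" ];
      wantedBy = [ "default.target" ];
      serviceConfig = {
        Type = "simple";
        ExecStart = script;
      };
      environment = {
        SSH_AUTH_SOCK = socket;
        # Seconds a loaded identity may remain in the agent before purge.
        SSH_AGENT_KEY_LIFETIME = "180";
      };
    };
}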