nixcfg/modules/darwin/security/ssh/default.nix

{
  lib,
  config,
  pkgs,
  inputs,
  ...
}:

let
  inherit (lib) types mkEnableOption mkIf;
  inherit (lib.metacfg) mkOpt;

  cfg = config.metacfg.security.ssh;
in
{
  options.metacfg.security.ssh = {
    enable = mkEnableOption "SSH";
  };

  config = mkIf cfg.enable {
    environment.systemPackages = with pkgs; [ openssh ];
    launchd.user.agents.ssh-agent.serviceConfig = {
      EnvironmentVariables.SSH_AUTH_SOCK = "/Users/harald/.ssh/ssh-agent.sock";
      ProgramArguments = [
        "${pkgs.openssh}/bin/ssh-agent"
        "-s"
        "-D"
      ];
      RunAtLoad = true;
      #KeepAlive.SuccessfulExit = true;
    };
  };
}