{ config, ... }:
{
  programs.ssh = {
    enable = true;
    enableDefaultConfig = false;
    matchBlocks = {
      "*" = { };
      "github.com" = {
        host = "github.com";
        user = "git";
        identitiesOnly = true;
        identityFile = [ config.sops.secrets."github_ssh_key".path ];
      };
    };
  };
}