{ config, pkgs, ... }:
{
  programs.ssh = {
    # NOTE: if issues arise, check out this option; we may need to set some
    # of the default options again, manually.
    enableDefaultConfig = false;
    enable = true;
    matchBlocks = {
      "*" = {
        addKeysToAgent = "yes";
        forwardAgent = true;
      };
    };
  };

  services.ssh-agent.enable = true;
}