ssh matchset options

modules/home-manager/ssh.nix

@@ -5,18 +5,23 @@ in
 {
   flake.homeModules.ssh = { pkgs, config, lib, ... }:
   {
-    options = {
-      sshIdentityFile = lib.mkOption {
+    options.ssh = {
+      IdentityFile = lib.mkOption {
         # Intentionally not using a path type here because that will end up with the private key getting copied into the store
         type = lib.types.str;
         default = "${config.home.homeDirectory}/.ssh/id_ed25519";
         description = "Path to the SSH identity file.";
       };
+
+      matchSets = {
+        appdaemon = lib.mkEnableOption "Enable AppDaemon SSH targets";
+        certs = lib.mkEnableOption "Enable Janus and Soteria SSH targets";
+      };
     };
 
     # All this stuff has to be wrapped in a config attribute because of the presence of the options here?
     config = let
-      identityFile = config.sshIdentityFile;
+      identityFile = config.ssh.IdentityFile;
       publicKeyFile = "${identityFile}.pub";
       certificateFile = "${identityFile}-cert.pub";
       userKnownHostsFile = "${config.home.homeDirectory}/.ssh/known_hosts";
@@ -40,7 +45,8 @@ in
           IdentityAgent ~/.1password/agent.sock
         '';
 
-        matchBlocks = {
+        matchBlocks = lib.mkMerge [
+          {
             "*" = {
               user = "john";
 
@@ -57,7 +63,13 @@ in
               addKeysToAgent = "yes";
               forwardAgent = false;
             };
-
+          }
+          (lib.mkIf config.ssh.matchsets.appdaemon {
+            "appdaemon" = {
+              hostname = "192.168.1.242";
+            };
+          })
+          (lib.mkIf config.ssh.matchsets.certs {
             "janus" = {
               hostname = "janus.john-stream.com";
               user = "root";
@@ -66,7 +78,8 @@ in
               hostname = "soteria.john-stream.com";
               user = "john";
             };
-        };
+          })
+        ];
       };
     };
   };