# /nix/store/<hash>/etc/ssh/ssh_config & /nix/store/<hash>/etc/ssh/authorized_keys
{
  systemConfig,
  systems,
  knownSystems,
  common,
  ...
}:
with builtins;
let
  allSystems = knownSystems ++ systems;
in
{
  programs.ssh.knownHosts = listToAttrs (
    map (system: {
      name = system.hostName;
      value = {
        extraHostNames = [
          (
            if (system ? address && system.address ? tailnet) then
              system.address.tailnet
            else
              common.tailnetAddr system.hostName
          )
        ];
        publicKey = system.ssh.publicKey;
      };
    }) allSystems
  );
  users.users.${systemConfig.username}.openssh.authorizedKeys.keys = (
    map (system: system.ssh.publicKey) allSystems
  );
}