{ lib, config, nodes, ... }:

with lib;

{
  fileSystems."home" = {
    mountPoint = "/home";
    device = "manager.${config.networking.domain}:/home";
    fsType = "nfs";
    options = [
      "nfsvers=4.2"
      "noauto"
      "x-systemd.automount"
      "x-systemd.idle-timeout=600"
    ];
  };

  services.openssh = {
    #logLevel = "DEBUG3";

    extraConfig = ''
      IgnoreRhosts no

      Match Group cluster
        HostbasedAuthentication yes
        HostbasedAcceptedAlgorithms ssh-ed25519*
        HostbasedUsesNameFromPacketOnly yes
    '';
  };

  environment.etc."ssh/shosts.equiv".text = concatMapStringsSep "\n"
    (node: node.config.networking.fqdn)
    (attrValues nodes);
}