{ lib, config, nodes, ... }:

with lib;

{
  fileSystems."home" = {
    mountPoint = "/home";
    device = "manager.${config.networking.domain}:/home";
    fsType = "nfs";
    options = [
      "nfsvers=4.2"
      "noauto"
      "x-systemd.automount"
      "x-systemd.idle-timeout=600"
    ];
  };

  services.openssh = {
    settings = {
      #LogLevel = "DEBUG3";
    };

    extraConfig = ''
      IgnoreRhosts no

      Match Group cluster
        HostbasedAuthentication yes
        HostbasedAcceptedAlgorithms ssh-ed25519*
        HostbasedUsesNameFromPacketOnly yes
    '';
  };

  environment.etc."ssh/shosts.equiv".text = concatStringsSep "\n" (concatMap
    (node: [
      node.config.networking.hostName
      node.config.networking.fqdn
    ])
    (attrValues nodes));
}