{ config, lib, pkgs, ... }:

with lib;

{
  config = {
    programs.ssh = {
      enable = true;
      matchBlocks = {
        dynamicBindPathNoPort = {
          dynamicForwards = [{
            # OK:
            address = "/run/user/1000/gnupg/S.gpg-agent.extra";
          }];
        };

        dynamicBindAddressWithPort = {
          dynamicForwards = [{
            # OK:
            address = "127.0.0.1";
            port = 3000;
          }];
        };
      };
    };

    home.file.result.text = builtins.toJSON
      (map (a: a.message) (filter (a: !a.assertion) config.assertions));

    nmt.script = ''
      assertFileExists home-files/.ssh/config
      assertFileContent \
        home-files/.ssh/config \
        ${./forwards-dynamic-valid-bind-no-asserts-expected.conf}
      assertFileContent home-files/result ${./no-assertions.json}
    '';
  };
}