{ config, lib, pkgs, ... }:

with lib;

{
  config = {
    programs.ssh = {
      enable = true;
      matchBlocks = {
        dynamicBindPathNoPort = {
          dynamicForwards = [
            {
              # OK:
              address = "/run/user/1000/gnupg/S.gpg-agent.extra";
            }
          ];
        };

        dynamicBindAddressWithPort = {
          dynamicForwards = [
            {
              # OK:
              address = "127.0.0.1";
              port = 3000;
            }
          ];
        };
      };
    };

    home.file.result.text =
      builtins.toJSON
      (map (a: a.message)
      (filter (a: !a.assertion)
        config.assertions));

    nmt.script = ''
      assertFileExists home-files/.ssh/config
      assertFileContent \
        home-files/.ssh/config \
        ${./forwards-dynamic-valid-bind-no-asserts-expected.conf}
      assertFileContent home-files/result ${./no-assertions.json}
    '';
  };
}