diff --git a/flake.lock b/flake.lock
index 58d1a6a..f57675d 100644
--- a/flake.lock
+++ b/flake.lock
@@ -93,11 +93,11 @@
 ]
 },
 "locked": {
- "lastModified": 1717483170,
- "narHash": "sha256-Xr/oYk3vmyv2a/nY8o/Wd0MdLsI5vaC38Kris7CWunM=",
+ "lastModified": 1717525419,
+ "narHash": "sha256-5z2422pzWnPXHgq2ms8lcCfttM0dz+hg+x1pCcNkAws=",
 "owner": "nix-community",
 "repo": "home-manager",
- "rev": "2cacdd6a27477f1fa46b7026dd806de30f164d3b",
+ "rev": "a7117efb3725e6197dd95424136f79147aa35e5b",
 "type": "github"
 },
 "original": {
diff --git a/home-manager/modules/machine.nix b/home-manager/modules/machine.nix
index da5e01a..9adea44 100644
--- a/home-manager/modules/machine.nix
+++ b/home-manager/modules/machine.nix
@@ -29,6 +29,7 @@ with lib;
 ./../programs/syncthing.nix
 ./../programs/hstr.nix
 ./../programs/thefuck.nix
+ ./../programs/ssh.nix
 ./../../nix.nix
 ./packages.nix
 ];
@@ -88,10 +89,6 @@ with lib;
 ".config/nano/nanorc".text = ''
 set linenumbers
 '';
- ".ssh/config_source" = {
- source = ./../dotfiles/ssh-config;
- onChange = "cat ~/.ssh/config_source > ~/.ssh/config && chmod 600 ~/.ssh/config";
- };
 ".gitignore".source = ./../dotfiles/.gitignore;
 ".config/pipewire/pipewire.conf.d/99-noise-suppression.conf".text = ''
 context.modules = [{
diff --git a/home-manager/programs/ssh.nix b/home-manager/programs/ssh.nix
new file mode 100644
index 0000000..d536942
--- /dev/null
+++ b/home-manager/programs/ssh.nix
@@ -0,0 +1,91 @@
+{ lib, ... }:
+
+let
+ ownDomains = [
+ "thilo-billerbeck.com"
+ "avocadoom.de"
+ "officerent.de"
+ ];
+ thiloBillerbeckHosts = [
+ "lisa"
+ "bart"
+ "burns"
+ "homer"
+ "marge"
+ "apu"
+ "krusty"
+ "skinner"
+ ];
+ manualMatchBlocks = {
+ "github.com" = {
+ identityFile = "~/.ssh/id_github-com";
+ user = "git";
+ identitiesOnly = true;
+ };
+ "mail" = { hostname = "mail.officerent.de"; };
+ "*.tu-darmstadt.de" = {
+ identityFile = "~/.ssh/id_tu-darmstadt-de";
+ };
+ "*.rwth-aachen.de" = {
+ identityFile = "~/.ssh/id_tu-darmstadt-de";
+ };
+ "*.tobias-neidig.de" = {
+ identityFile = "~/.ssh/id_tobias-neidig-de";
+ };
+ "*.darmstadt.ccc.de" = {
+ identityFile = "~/.ssh/id_darmstadt-ccc-de";
+ };
+ "*.relaix.net" = {
+ identityFile = "~/.ssh/id_relaix-net";
+ user = "tbillerbeck";
+ };
+ "*.w17.io" = {
+ user = "chaos";
+ identityFile = "~/.ssh/id_w17";
+ };
+ "*.tailscale.net" = {
+ user = "thilo";
+ identityFile = "~/.ssh/id_tailscale";
+ };
+ "ssh.dev.azure.com" = {
+ identityFile = "~/.ssh/id_azure-com";
+ identitiesOnly = true;
+ extraOptions = {
+ HostkeyAlgorithms = "+ssh-rsa";
+ PubkeyAcceptedKeyTypes = "+ssh-rsa";
+ };
+ };
+ };
+ catchAlls = builtins.listToAttrs (
+ builtins.map (host: {
+ name = "*.${host}";
+ value = {
+ identityFile = "~/.ssh/id_thilo-billerbeck-com";
+ user = "root";
+ };
+ }) ownDomains
+ );
+ hostnameAliasses = builtins.listToAttrs (
+ builtins.map (host: {
+ name = "${host}";
+ value = {
+ hostname = "${host}.thilo-billerbeck.com";
+ };
+ }) thiloBillerbeckHosts
+ );
+ buildersCCCDA = builtins.listToAttrs (
+ builtins.map (host: {
+ name = "build${host}.darmstadt.ccc.de";
+ value = {
+ user = "avocadoom";
+ identityFile = "~/.ssh/id_darmstadt-ccc-de";
+ };
+ }) ["1" "2" "3" "4"]
+ );
+in
+{
+ programs.ssh = {
+ enable = true;
+ matchBlocks = manualMatchBlocks // catchAlls // hostnameAliasses // buildersCCCDA;
+ };
+}
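Review bot: The short aliases generated in `hostnameAliasses` (and the manual `"mail"` block) set only `hostname`, so they will not inherit `identityFile`/`user` from the `*.thilo-billerbeck.com` and `*.officerent.de` catch-alls: OpenSSH matches `Host` patterns against the name given on the command line, not the rewritten `HostName`, unless `CanonicalizeHostname` is enabled somewhere outside this file. If `ssh lisa` is meant to behave like `ssh lisa.thilo-billerbeck.com`, add `identityFile = "~/.ssh/id_thilo-billerbeck-com";` and `user = "root";` to the alias `value`. Separately, only `github.com` and `ssh.dev.azure.com` set `identitiesOnly = true;`, so for every other block the client may also offer whatever other keys are loaded in ssh-agent to those servers; setting it on each block that names an `identityFile` keeps unrelated public keys from being presented to third-party hosts. The `+ssh-rsa` options are correctly scoped to the one Azure host, but a comment such as `# re-enables SHA-1 RSA signatures for Azure DevOps only; drop once rsa-sha2 is confirmed to work` would make sure the downgrade gets revisited.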