{
  lib,
  config,
  clanLib,
  ...
}:
with lib;
with types;
let
  machines = clanLib.allMachineNames;
  publicKey = clanLib.readFact "ssh.id_ed25519.pub";
  tld = config.clan.static-hosts.topLevelDomain;
  knownHosts = lib.genAttrs machines (machine: {
    hostNames = [
      "${machine}"
      "${machine}.${tld}"
      "${machine}.private"
    ];
    publicKey = publicKey machine;
  });
  bootMachines = clanLib.readFactFromAllMachines "ssh.boot.id_ed25519.pub";
  knownBootHosts = lib.mapAttrs' (
    machine: publicKey:
    nameValuePair "boot_${machine}" {
      inherit publicKey;
      hostNames = [
        "[${machine}]:2222"
        "[${machine}.public]:2222"
      ];
    }
  ) bootMachines;
in
{

  # todo : move this to the proper place
  options.components.network.zerotier = {
    enable = mkOption {
      type = bool;
      default = false; # todo : properly set this
    };
  };

  config = mkIf config.components.network.zerotier.enable {
    services.openssh.knownHosts = knownHosts // knownBootHosts;
  };
}