diff --git a/profiles/basic/ssh.nix b/profiles/basic/ssh.nix
index a666c67..6878225 100644
--- a/profiles/basic/ssh.nix
+++ b/profiles/basic/ssh.nix
@@ -6,47 +6,82 @@
 }:
 {
 
+  home-manager.users.mysaa = { lib, ... }: {
   programs.ssh = {
-    extraConfig = ''
-      Host git-ssh.hadoly.fr
-        Hostname git-ssh.hadoly.fr
-        IdentityFile /run/secrets/ssh/mysaa@git.hadoly.fr
-        Port 6900
+    enable = true;
+    matchBlocks = {
+      git-hadoly = {
+        host = "git-ssh.hadoly.fr";
+        hostname = "git-ssh.hadoly.fr";
+        identityFile = "/run/secrets/ssh/mysaa@git.hadoly.fr";
+        identitiesOnly = true;
+        port = 6900;
+      };
+      gitlab-aliens = {
+        host = "gitlab.aliens-lyon.fr";
+        hostname = "gitlab.aliens-lyon.fr";
+        identityFile = "/run/secrets/ssh/savrillo@gitlab.aliens-lyon.fr";
+        identitiesOnly = true;
+      };
+      github = {
+        host = "github.com";
+        hostname = "github.com";
+        identityFile = "/run/secrets/ssh/MysaaJava@github.com";
+        identitiesOnly = true;
+      };
+      gitlab = {
+        host = "gitlab.inria.fr";
+        hostname = "gitlab.inria.fr";
+        identityFile = "/run/secrets/ssh/savrillo@gitlab.inria.fr";
+        identitiesOnly = true;
+        user = "savrillo";
+      };
+      ens = {
+        host = "ens";
+        hostname = "ssh.ens-lyon.fr";
+        identityFile = "/run/secrets/ssh/savrillo@ssh.ens-lyon.fr";
+        identitiesOnly = true;
+        user = "savrillo";
+      };
+      protomolecule = {
+        host = "protomolecule";
+        hostname = "aliens-lyon.fr";
+        identityFile = "/run/secrets/ssh/mysaa@protomolecule.aliens-lyon.fr";
+        identitiesOnly = true;
+        user = "mysaa";
+        port = 2222;
+        proxyJump = "ens";
+      };
+      teapot = {
+        host = "teapot";
+        hostname = "teapot.ens-lyon.fr";
+        identityFile = "/run/secrets/ssh/enverts@teapot.ens-lyon.fr";
+        identitiesOnly = true;
+        user = "enverts";
+      };
+      midori = {
+        host = "midori";
+        hostname = "midori.bernard.com.de";
+        identityFile = "/run/secrets/ssh/mysaa@midori.bernard.com.de";
+        identitiesOnly = true;
+        user = "mysaa";
+      };
 
-      Host github.com
-        HostName github.com
-        IdentityFile /run/secrets/ssh/MysaaJava@github.com
+      nasvrillon-local = lib.hm.dag.entryBefore ["nasvrillon-remote"] {
+        match = ''host nasvrillon exec "nc -w 1 -z 192.168.1.39 5001"'';
+        hostname = "192.168.1.39";
+        port = 22;
+      };
+      nasvrillon-remote = {
+        host = "nasvrillon";
+        hostname = "nasvrillon.myqnapcloud.com";
+        user = "samy";
+        port = 6962;
+        extraOptions."ConnectTimeout" = "10";
+        addressFamily = "inet";
+      };
 
-      Host midori
-        HostName midori.bernard.com.de
-        User mysaa
-        IdentityFile /run/secrets/ssh/mysaa@midori.bernard.com.de
-
-      Match host nasvrillon exec "nc -w 1 -z 192.168.1.39 5001"
-        HostName 192.168.1.39
-        Port 22
-      Host nasvrillon
-        HostName nasvrillon.myqnapcloud.com
-        User samy
-        Port 6962
-        ConnectTimeout 10
-        AddressFamily inet
-
-      Host gitlab.aliens-lyon.fr
-        HostName gitlab.aliens-lyon.fr
-        User savrillo
-        IdentityFile /run/secrets/ssh/savrillo@gitlab.ens-lyon.fr
-
-      Host teapot
-        HostName teapot.ens-lyon.fr
-        User enverts
-        IdentityFile /run/secrets/ssh/enverts@teapot.ens-lyon.fr
-
-      Host gitlab.inria.fr
-        HostName gitlab.inria.fr
-        User savrillo
-        IdentityFile /run/secrets/ssh/savrillo@gitlab.inria.fr
-    '';
+    };
+  };
   };
-
 }