workmac/ssh: only enable multiplexing for jump hosts

otherwise reboot checks for remote machines were stuck waiting for the
jump host socket.

quick fix, could be nicer, introduces code duplication

home/workmac.nix

@@ -35,12 +35,8 @@ in
     enable = true;
     # defaults in bottom match block "*"
     # TODO: common config for desktop as well
-    # multiplexer, e.g. to avoid rate limiting on jumphost usage
     serverAliveInterval = 10;
     serverAliveCountMax = 2; # 2 strikes and you're out
-    controlMaster = "auto";
-    # not too long, due to the frequent keepalives
-    controlPersist = "1h";
     # ssh host config
     matchBlocks = {
 
@@ -60,14 +56,21 @@ in
         extraOptions = {
           LogLevel = "Verbose";
           AddressFamily = "inet";
+          ControlMaster = "auto";
+          # not too long, due to the frequent keepalives
+          ControlPersist = "1h";
         };
 
       };
       "fcio-rzob-jump" = lib.hm.dag.entryAfter [ "*" ] {
+        # multiplexer, e.g. to avoid rate limiting on jumphost usage
         hostname = "vpn-rzob.services.fcio.net";
         extraOptions = {
           LogLevel = "Verbose";
           AddressFamily = "inet";
+          ControlMaster = "auto";
+          # not too long, due to the frequent keepalives
+          ControlPersist = "1h";
         };
 
       };