From 56a64c1e0ec9ae3304885baa6cef94763d2f98a7 Mon Sep 17 00:00:00 2001 From: Philipp Date: Sat, 15 Mar 2025 11:47:34 +0100 Subject: [PATCH] add ssh to modules, export networking from blarm --- modules/home/apps/thunderbird/default.nix | 2 +- modules/nixos/services/ssh/default.nix | 36 ++++++++++++++ systems/aarch64-linux/blarm/default.nix | 55 +++++++--------------- systems/aarch64-linux/blarm/networking.nix | 33 +++++++++++++ 4 files changed, 86 insertions(+), 40 deletions(-) create mode 100644 modules/nixos/services/ssh/default.nix create mode 100644 systems/aarch64-linux/blarm/networking.nix diff --git a/modules/home/apps/thunderbird/default.nix b/modules/home/apps/thunderbird/default.nix index 3f8f8bf..30b4d76 100644 --- a/modules/home/apps/thunderbird/default.nix +++ b/modules/home/apps/thunderbird/default.nix @@ -11,7 +11,7 @@ let in { options.${namespace}.apps.thunderbird = with types; { - enable = mkBoolOpt false "Whether or not to enable Firefox."; + enable = mkBoolOpt false "Whether or not to enable Thunderbird."; }; config = mkIf cfg.enable { diff --git a/modules/nixos/services/ssh/default.nix b/modules/nixos/services/ssh/default.nix new file mode 100644 index 0000000..73cc9e3 --- /dev/null +++ b/modules/nixos/services/ssh/default.nix 
@@ -0,0 +1,36 @@ +{ +lib, +config, +namespace, +... +}: +with lib; +with lib.${namespace}; +let + cfg = config.${namespace}.services.ssh; + defaultKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwUGxdwTgjc61VNh7QNfrrZwz5yHkJ6AGsRsgoDV3a4 mobile" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJqbT8AdnS++ZoL7TYg2skQUvfWx29Iq+mEYv2Ok2QHb arbeit" + ]; +in + { + options.${namespace}.services.ssh = { + enable = mkBoolOpt false "OpenSSH"; + keys = mkOption { + description = "Extra keys to add to config."; + type = lib.types.listOf lib.types.str; + default = defaultKeys; + }; + }; + + config = mkIf cfg.enable { + # Enable the OpenSSH daemon. + services.openssh = enabled; + + users.users.philipp.openssh.authorizedKeys = { + inherit (cfg) + keys; + }; + }; + +} diff --git a/systems/aarch64-linux/blarm/default.nix b/systems/aarch64-linux/blarm/default.nix index 9d19968..13eb874 100644 --- a/systems/aarch64-linux/blarm/default.nix +++ b/systems/aarch64-linux/blarm/default.nix @@ -10,6 +10,7 @@ with lib.${namespace}; imports = [ (modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/sd-card/sd-image-aarch64.nix") + ./networking.nix ]; # Use the extlinux boot loader. (NixOS wants to enable GRUB by default) @@ -17,37 +18,6 @@ with lib.${namespace}; # Enables the generation of /boot/extlinux/extlinux.conf boot.loader.generic-extlinux-compatible.enable = true; - networking = { - hostName = "blarm"; - firewall.enable = false; - networkmanager.enable = false; - dhcpcd.enable = true; - defaultGateway.address = "192.168.1.1"; - interfaces.end0 = { - useDHCP = true; - ipv4.addresses = [ - { - address = "192.168.1.251"; - prefixLength = 32; - } - { - address = "192.168.1.202"; - prefixLength = 32; - } - ]; - ipv6.addresses = [ - { - address = "fd00:192:168:1::202"; - prefixLength = 64; - } - { - address = "fd00:192:168:1::251"; - prefixLength = 64; - } - ]; - }; - }; - nix.settings.experimental-features = [ "nix-command" "flakes" 
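Review bot: In modules/nixos/services/ssh/default.nix the `config` block turns the daemon on with `services.openssh = enabled;` and installs authorized keys, but nothing in the module restricts logins to those keys. Unless it is set elsewhere in the flake, sshd keeps the NixOS default of accepting passwords. Since the module already provisions keys, I would add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` next to the enable line. Separately, the `keys` option is described as "Extra keys to add to config." while `default = defaultKeys;` means a host that sets `keys` replaces the two built-in keys instead of extending them. Rewording the description to `"Public keys authorized for SSH login as philipp; setting this replaces the defaults."` would spare the next user a lockout or an unexpectedly trusted key.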
@@ -83,15 +53,22 @@ with lib.${namespace}; ]; }; - # Enable the OpenSSH daemon. - services.openssh = enabled; - awesome-flake.services.caddy = enabled; - awesome-flake.container.technitium = enabled; - awesome-flake.container.invidious = enabled; - awesome-flake.cli.neovim = enabled; - awesome-flake.services.restic = enabled; - awesome-flake.system.sops = enabled; + awesome-flake = { + services = { + ssh = enabled; + caddy = enabled; + restic = enabled; + }; + + container = { + technitium = enabled; + invidious = enabled; + }; + + system.sops = enabled; + cli.neovim = enabled; + }; environment.systemPackages = with pkgs; [ git diff --git a/systems/aarch64-linux/blarm/networking.nix b/systems/aarch64-linux/blarm/networking.nix new file mode 100644 index 0000000..d75a0a7 --- /dev/null +++ b/systems/aarch64-linux/blarm/networking.nix @@ -0,0 +1,33 @@ +{ + networking = { + hostName = "blarm"; + firewall.enable = false; + networkmanager.enable = false; + dhcpcd.enable = true; + defaultGateway.address = "192.168.1.1"; + interfaces.end0 = { + useDHCP = true; + ipv4.addresses = [ + { + address = "192.168.1.251"; + prefixLength = 32; + } + { + address = "192.168.1.202"; + prefixLength = 32; + } + ]; + ipv6.addresses = [ + { + address = "fd00:192:168:1::202"; + prefixLength = 64; + } + { + address = "fd00:192:168:1::251"; + prefixLength = 64; + } + ]; + }; + }; + +}
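Review bot: The new systems/aarch64-linux/blarm/networking.nix keeps `firewall.enable = false;` with no comment explaining why. Per default.nix this host runs sshd, caddy and two containers, so every port they listen on is reachable without any host-level filtering. If the setting is deliberate, a line such as `# Firewall off on purpose: <reason>; filtering is done by <upstream device>` above it would record that. Otherwise consider `firewall.enable = true;` with `firewall.allowedTCPPorts` listing only the services meant to be published. The block is moved verbatim from default.nix, so this is carried over rather than introduced by the commit.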