From 460f9b2aa865d4aa53d406485547ff190893d7da Mon Sep 17 00:00:00 2001 From: Felix Buehler Date: Wed, 15 Feb 2023 21:17:09 +0100 Subject: [PATCH] service/initrd-ssh: init from legacy --- legacy/modules/networkdecrypt.nix | 22 ----------------- machines/newton/configuration.nix | 4 ---- machines/newton/services.nix | 3 +++ modules/services/default.nix | 1 + modules/services/initrd-ssh/default.nix | 32 +++++++++++++++++++++++++ 5 files changed, 36 insertions(+), 26 deletions(-) delete mode 100644 legacy/modules/networkdecrypt.nix create mode 100644 modules/services/initrd-ssh/default.nix diff --git a/legacy/modules/networkdecrypt.nix b/legacy/modules/networkdecrypt.nix deleted file mode 100644 index 5a6c81f..0000000 --- a/legacy/modules/networkdecrypt.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ pkgs, config, ... }: - -{ - boot.initrd.network = { - enable = true; - - ssh = { - enable = true; - port = 2222; - hostKeys = [ - "/etc/secrets/initrd/ssh_host_ed25519_key" - ]; - authorizedKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFx6OLwL9MbkD3mnMsv+xrzZHN/rwCTgVs758SCLG0h felix@thinkman" - ]; - }; - - postCommands = '' - echo 'cryptsetup-askpass' >> /root/.profile - ''; - }; -} diff --git a/machines/newton/configuration.nix b/machines/newton/configuration.nix index f3fea3a..ad39993 100644 --- a/machines/newton/configuration.nix +++ b/machines/newton/configuration.nix @@ -8,7 +8,6 @@ ./services.nix ./syncthing.nix ./system.nix - ../../legacy/modules/networkdecrypt.nix ]; networking.hostName = "newton"; @@ -18,9 +17,6 @@ gnupg.sshKeyPaths = [ ]; }; - networking.firewall.allowedTCPPorts = [ - ]; - system = { stateVersion = "22.11"; autoUpgrade.enable = true; diff --git a/machines/newton/services.nix b/machines/newton/services.nix index 701ff86..23dc030 100644 --- a/machines/newton/services.nix +++ b/machines/newton/services.nix 
@@ -95,6 +95,9 @@ in
 ssh-server = {
 enable = true;
 };
+ initrd-ssh = {
+ enable = true;
+ };
 # self-hosted recipe manager
 tandoor-recipes = {
 enable = true;
diff --git a/modules/services/default.nix b/modules/services/default.nix
index 9b4d766..a2e4e12 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -7,6 +7,7 @@
 ./hedgedoc
 ./homepage
 ./homer
+ ./initrd-ssh
 ./jellyfin
 ./minecraft-server
 ./mumble-server
diff --git a/modules/services/initrd-ssh/default.nix b/modules/services/initrd-ssh/default.nix
new file mode 100644
index 0000000..54d8228
--- /dev/null
+++ b/modules/services/initrd-ssh/default.nix
@@ -0,0 +1,32 @@
+# The Free Software Media System
+{ config, lib, pkgs, ... }:
+let
+ cfg = config.my.services.initrd-ssh;
+ domain = config.networking.domain;
+in
+{
+ options.my.services.initrd-ssh = with lib; {
+ enable = mkEnableOption "Enable initrd-ssh service";
+ };
+
+ config = lib.mkIf cfg.enable {
+ boot.initrd.network = {
+ enable = true;
+
+ ssh = {
+ enable = true;
+ port = 2222;
+ hostKeys = [
+ "/etc/secrets/initrd/ssh_host_ed25519_key"
+ ];
+ authorizedKeys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFx6OLwL9MbkD3mnMsv+xrzZHN/rwCTgVs758SCLG0h felix@thinkman"
+ ];
+ };
+
+ postCommands = ''
+ echo 'cryptsetup-askpass' >> /root/.profile
+ '';
+ };
+ };
+}
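Review bot: The `hostKeys` entry in the new `modules/services/initrd-ssh/default.nix` needs a comment saying the key must be dedicated to the initrd. As far as the NixOS option documents it, this private key is copied into the initrd, which has to be readable before the disk is unlocked, so it must never be the system's regular sshd host key, and the file has to exist when the system is built. I would add `# initrd-only host key: ends up inside the initrd, keep it separate from the sshd host key` above `hostKeys = [`. The header `# The Free Software Media System` looks copied from another module and `domain = config.networking.domain;` is never used, so replace the header with `# SSH server in the initrd for remote disk unlock` and drop the `domain` binding. Port 2222 and the `felix@thinkman` key are fixed inside the module; exposing them as options next to `enable` would leave the per-machine choice in `machines/newton/services.nix`.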