From c6fcb7b6b808b740b30706dbbe29b3a24991b66b Mon Sep 17 00:00:00 2001
From: Martin Berg Alstad
Date: Mon, 19 May 2025 21:42:29 +0200
Subject: [PATCH] :recycle: [shared] Refactor ssh config to be dynamic
---
 flake.nix | 4 +++
 shared/modules/security/ssh.nix | 51 ++++++++++++++-------------------
 2 files changed, 26 insertions(+), 29 deletions(-)
diff --git a/flake.nix b/flake.nix
index 9dc1423..669494a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -74,15 +74,18 @@
 hostName = "desktop";
 system = "x86_64-linux";
 nvidia.enable = true;
+ ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMSzXyTuQyTrWsfORQbvgrqt/33+hfSUDXeMg6D1T2wz";
 }
 {
 hostName = "thinkpad";
 system = "x86_64-linux";
+ ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNlHKE/BD8kKfhJD7GBk1A3whZf3gTjk9VEgGAj3qsH";
 }
 {
 hostName = "pi4";
 system = "aarch64-linux";
 wayland.enable = false;
+ ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJE9m7YiITe1sDqSZ7Pa8luIw3WToLsypixZEqE4wCQE";
 }
 # TODO Homelab config
 ];
@@ -126,6 +129,7 @@
 theme
 lib
 systemConfig
+ systems
 ;
 isDarwin = false;
 };
diff --git a/shared/modules/security/ssh.nix b/shared/modules/security/ssh.nix
index cbba392..88246eb 100644
--- a/shared/modules/security/ssh.nix
+++ b/shared/modules/security/ssh.nix
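Review bot: The `ssh.publicKey` attribute added to each host entry in the first hunk is read unconditionally by shared/modules/security/ssh.nix (`system.ssh.publicKey`), so any entry that omits it, such as the homelab entry the `# TODO Homelab config` line still promises, will fail evaluation with a missing-attribute error rather than merely lack a known host, and nothing in this hunk says the field is mandatory. A comment on the first key would make that visible: `# ssh.publicKey is required: ssh.nix reads it for every entry (knownHosts + authorizedKeys)`. The enclosing systems list starts before this hunk.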
@@ -1,33 +1,26 @@
 # /nix/store//etc/ssh/ssh_config
-{ systemConfig, ... }:
-
- {
- programs.ssh.knownHosts =
- let
- domain = "dns.martials.no";
- in
+{ systemConfig, systems, ... }:
+with builtins;
+let
+ domain = "dns.martials.no";
+ allSystems = systems ++ [
 {
- desktop = {
- extraHostNames = [ "desktop.${domain}" ];
- publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMSzXyTuQyTrWsfORQbvgrqt/33+hfSUDXeMg6D1T2wz";
- };
- thinkpad = {
- extraHostNames = [ "thinkpad.${domain}" ];
- publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNlHKE/BD8kKfhJD7GBk1A3whZf3gTjk9VEgGAj3qsH";
- };
- pi4 = {
- extraHostNames = [ "pi4.${domain}" ];
- publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJE9m7YiITe1sDqSZ7Pa8luIw3WToLsypixZEqE4wCQE";
- };
- homelab = {
- extraHostNames = [ "homelab.${domain}" ];
- publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIARDv5nRlfPDXdV+Db4FaqeSJZ3/3MO0frYGzuVeqYAl";
- };
- };
- users.users.${systemConfig.username}.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMSzXyTuQyTrWsfORQbvgrqt/33+hfSUDXeMg6D1T2wz"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNlHKE/BD8kKfhJD7GBk1A3whZf3gTjk9VEgGAj3qsH"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJE9m7YiITe1sDqSZ7Pa8luIw3WToLsypixZEqE4wCQE"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIARDv5nRlfPDXdV+Db4FaqeSJZ3/3MO0frYGzuVeqYAl"
+ hostName = "homelab";
+ ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIARDv5nRlfPDXdV+Db4FaqeSJZ3/3MO0frYGzuVeqYAl";
+ }
 ];
+in
+{
+ programs.ssh.knownHosts = listToAttrs (
+ map (system: {
+ name = system.hostName;
+ value = {
+ extraHostNames = [ "${system.hostName}.${domain}" ];
+ publicKey = system.ssh.publicKey;
+ };
+ }) allSystems
+ );
+ users.users.${systemConfig.username}.openssh.authorizedKeys.keys = (
+ map (system: system.ssh.publicKey) allSystems
+ );
 }
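Review bot: In the new `in` block the single `system.ssh.publicKey` attribute feeds both `programs.ssh.knownHosts` (each host's identity key, which a client checks when connecting) and `authorizedKeys.keys` (keys allowed to log in as `systemConfig.username` on every host), so one attribute now carries two distinct trust decisions. The old file listed the same four keys in both places, so this is not new data, but the refactor hard-wires the coupling; if a host's key pair is intentionally also its login key, say so with a comment above `allSystems`, e.g. `# NOTE: each host's SSH host key doubles as its login key; rotating one rotates both`, and otherwise split it into two attributes (e.g. a new `ssh.hostKey` next to the login key). Separately, `homelab` stays hard-coded here while flake.nix still carries `# TODO Homelab config`; if a homelab entry is later added to `systems` with the same hostName, `listToAttrs` keeps only one of the duplicate names in knownHosts (the first, if I recall Nix semantics correctly) while the authorizedKeys list silently gets both keys, so a comment or an assertion that hostNames are unique would help. Style-wise, `with builtins;` at file scope could be dropped in favour of `builtins.listToAttrs` and the already-global `map`.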