refactor: Move network configurations to machine directories

- Move network-congenital-optimist.nix to machines/congenital-optimist/
- Move network-sleeper-service.nix to machines/sleeper-service/
- Update import paths in machine configurations
- Clean up modules/network/common.nix to remove SSH duplication
- Consolidate SSH configuration in modules/security/ssh-keys.nix
- Remove machine-specific networking from shared common module

This improves dependency tracking by co-locating machine-specific
network configurations with their respective machines.

machines/congenital-optimist/configuration.nix

@@ -7,7 +7,7 @@
 }: {
   imports = [
     ./hardware-configuration.nix
-    ../../modules/network/network-congenital-optimist.nix
+    ./network-congenital-optimist.nix
     
     # Security modules
     ../../modules/security/ssh-keys.nix

machines/congenital-optimist/network-congenital-optimist.nix

@@ -4,7 +4,7 @@
 
 {
   imports = [
-    ./common.nix
+    ../../modules/network/common.nix
   ];
 
   # Machine-specific network configuration

machines/sleeper-service/configuration.nix

@@ -4,9 +4,9 @@
     # Security modules
     ../../modules/security/ssh-keys.nix
     # Network configuration
-    ../../modules/network/network-sleeper-service.nix
+    ./network-sleeper-service.nix
     # Services
-    ../../modules/services/nfs.nix
+    ./nfs.nix
     ../../modules/system/transmission.nix
 
     # User modules - server only needs sma user

machines/sleeper-service/network-sleeper-service.nix

@@ -4,7 +4,7 @@
 
 {
   imports = [
-    ./common.nix
+    ../../modules/network/common.nix
   ];
 
   # Machine-specific network configuration

modules/network/common.nix

@@ -1,5 +1,5 @@
 # Common Network Configuration
-# Shared networking settings across all machines
+# Minimal shared networking settings across all machines
 { config, pkgs, ... }:
 
 {
@@ -8,11 +8,10 @@
     # Enable nftables by default for all machines
     nftables.enable = true;
     
-    # Common firewall settings
+    # Basic firewall settings (SSH handled by security/ssh-keys.nix)
     firewall = {
       enable = true;
-      # SSH is allowed by default on all machines
+      # SSH port is configured in modules/security/ssh-keys.nix
-      allowedTCPPorts = [ 22 ];
     };
   };
 
@@ -21,13 +20,6 @@
     # Tailscale VPN for secure remote access
     tailscale.enable = true;
     
-    # SSH access with secure defaults
+    # Note: SSH configuration is handled by modules/security/ssh-keys.nix
-    openssh = {
-      enable = true;
-      settings = {
-        PermitRootLogin = "no";
-        PasswordAuthentication = false;
-      };
-    };
   };
 }

modules/security/ssh-keys.nix

@@ -3,6 +3,9 @@
 { config, pkgs, lib, ... }:
 
 {
+  # Firewall configuration for SSH
+  networking.firewall.allowedTCPPorts = [ 22 ];
+
   # Global SSH daemon configuration
   services.openssh = {
     enable = true;

notes.md

@@ -1,5 +1,9 @@
 # Notes to be use to write blog post 
 
-deployment script: rsync -av --delete /home/geir/Home-lab/ sma@sleeper-service:/tmp/home-lab-config/ and ssh sma@sleeper-service "cd /tmp/home-lab-config && sudo nixos-rebuild boot --flake .#sleeper-service"
 
-like the best approach maye we should add a todo for making scripts or research deploy-rs
+- research deploy-rs
+
+# Expansion
+## Hardware 
+- https://sipeed.com/nanocluster - ai cluster
+- https://www.bee-link.com/products/beelink-me-mini-n150?variant=47599172845810 - upgrade nas/storage

plan.md

@@ -515,7 +515,20 @@ Home-lab/
 - [ ] Configuration validation tests
 - [ ] Deployment automation
 - [ ] Monitoring and alerting
-### 6.3 Writeup
+
+### 6.3 Advanced Deployment Strategies
+- [ ] **Research deploy-rs**: Investigate deploy-rs as alternative to custom lab script
+  - Evaluate Rust-based deployment tool for NixOS flakes
+  - Compare features: parallel deployment, rollback capabilities, health checks
+  - Assess integration with existing SSH key management and Tailscale network
+  - Consider migration path from current rsync + SSH approach
+- [ ] **Convert lab script to Guile Scheme**: Explore functional deployment scripting
+  - Research Guile Scheme for system administration scripting
+  - Evaluate benefits: better error handling, functional composition, extensibility
+  - Design modular deployment pipeline with Scheme
+  - Consider integration with GNU Guix deployment patterns
+  - Plan migration strategy from current shell script implementation
+### 6.4 Writeup
 - [ ] Take all the knowledge we have amassed and make a blog post or a series of blog posts
 
 ### Phase 7: goin pro