refactor(security): migrate hardcoded credentials and SSH keys to sops-nix

users/admin/default.nix

@@ -26,7 +26,9 @@ in {
         config.users.groups.wheel.name # Enable 'sudo' for the user.
       ];
       initialPassword = "ChangeMe";
-      openssh.authorizedKeys.keys = cfg.authorizedKeys;
+      openssh.authorizedKeys.keyFiles = [
+        config.sops.secrets.user_keys_admin.path
+      ];
       packages = with pkgs; [
         curl
         git

users/backup/default.nix

@@ -12,9 +12,8 @@ in {
       extraGroups = [
         "docker" # Allow access to the docker socket.
       ];
-      openssh.authorizedKeys.keys = [
-        # Hugo
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICms6vjhE9kOlqV5GBPGInwUHAfCSVHLI2Gtzee0VXPh"
+      openssh.authorizedKeys.keyFiles = [
+        config.sops.secrets.user_keys_backup.path
       ];
     };
   };

users/deploy/default.nix

@@ -15,8 +15,8 @@ in {
         isSystemUser = true;
         home = "/var/empty";
         shell = pkgs.bashInteractive;
-        openssh.authorizedKeys.keys = [
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPrG+ldRBdCeHEXrsy/qHXIJYg8xQXVuiUR0DxhFjYNg"
+        openssh.authorizedKeys.keyFiles = [
+          config.sops.secrets.user_keys_deploy.path
         ];
       };
     };