feat: add deploy-rs user config

config/network.nix

@@ -15,7 +15,7 @@
           "sntrup761x25519-sha512@openssh.com"
         ];
         PasswordAuthentication = false;
-        PermitRootLogin = "no";
+        PermitRootLogin = "prohibit-password";
         StreamLocalBindUnlink = "yes";
       };
     };

config/users.nix

@@ -4,8 +4,6 @@
   pkgs,
   ...
 }: let
-  keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILm0O46zW/XfVOSwz0okRWYeOAg+wCVkCtCAoVTpZsOh"];
-
   nu_scripts = "${pkgs.nu_scripts}/share/nu_scripts";
   mkCompletions = completions:
     lib.concatStringsSep "\n" (
@@ -17,14 +15,18 @@
 in {
   i18n.defaultLocale = "en_US.UTF-8";
 
-  users.mutableUsers = false;
-  users.users.root.hashedPasswordFile = config.age.secrets."system/password-root".path;
-
-  users.users.winston = {
-    extraGroups = ["wheel"];
-    hashedPasswordFile = config.age.secrets."system/password-winston".path;
-    isNormalUser = true;
-    openssh.authorizedKeys.keys = keys;
+  users = {
+    mutableUsers = false;
+    users.root = {
+      hashedPasswordFile = config.age.secrets."system/password-root".path;
+      openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/mwLoiuaQ6KH+1IOvYO541gq37S43pYtMetilMG3v5"] ++ config.users.users.winston.openssh.authorizedKeys.keys;
+    };
+    users.winston = {
+      extraGroups = ["wheel"];
+      hashedPasswordFile = config.age.secrets."system/password-winston".path;
+      isNormalUser = true;
+      openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILm0O46zW/XfVOSwz0okRWYeOAg+wCVkCtCAoVTpZsOh"];
+    };
   };
 
   home-manager = {

flake.nix

@@ -41,8 +41,7 @@
         deploy.nodes.main-node = {
           hostname = "winston.sh";
           profiles.system = {
-            user = "winston";
-            remoteBuild = true;
+            sshUser = "root";
             path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.main-node;
           };
         };