diff --git a/modules/darwin/common/default.nix b/modules/darwin/common/default.nix
index 274a5ee..08a406e 100644
--- a/modules/darwin/common/default.nix
+++ b/modules/darwin/common/default.nix
@@ -1,4 +1,12 @@
 { inputs, pkgs, ... }:
+let
+  authorizedKeys = {
+    keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDPVjRBomWFJNNkZb0g5ymLmc3pdRddIScitmJ9yC+ap" # deployment
+    ];
+    keyFiles = pkgs.lib.filesystem.listFilesRecursive "${toString inputs.self}/users/keys";
+  };
+in
 {
   imports = [
     ./apfs-cleanup.nix
@@ -12,12 +20,8 @@
   # TODO: refactor this to share /users with nixos
   # if user is removed the keys need to be removed manually from /etc/ssh/authorized_keys.d
   users.users = {
-    hetzner.openssh.authorizedKeys = {
-      keys = [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDPVjRBomWFJNNkZb0g5ymLmc3pdRddIScitmJ9yC+ap" # deployment
-      ];
-      keyFiles = pkgs.lib.filesystem.listFilesRecursive "${toString inputs.self}/users/keys";
-    };
+    customer.openssh = { inherit authorizedKeys; };
+    hetzner.openssh = { inherit authorizedKeys; };
   };
 
   services.nix-daemon.enable = true;