modules/darwin: refactor users

modules/darwin/common/default.nix

@@ -1,12 +1,4 @@
 { inputs, pkgs, ... }:
-let
-  authorizedKeys = {
-    keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDPVjRBomWFJNNkZb0g5ymLmc3pdRddIScitmJ9yC+ap" # deployment
-    ];
-    keyFiles = pkgs.lib.filesystem.listFilesRecursive "${toString inputs.self}/users/keys";
-  };
-in
 {
   imports = [
     ./apfs-cleanup.nix
@@ -16,18 +8,12 @@ in
     ./software-update.nix
     ./telegraf.nix
     ./upgrade-diff.nix
+    ./users.nix
     ../../shared/known-hosts.nix
     ../../shared/nix-daemon.nix
     inputs.agenix.darwinModules.age
   ];
 
-  # TODO: refactor this to share /users with nixos
-  users.users = {
-    customer.openssh = {
-      inherit authorizedKeys;
-    };
-  };
-
   services.nix-daemon.enable = true;
 
   programs.zsh.enable = true;
@@ -36,8 +22,6 @@ in
 
   programs.info.enable = false;
 
-  nix.settings.trusted-users = [ "@admin" ];
-
   # srvos
   nix.settings.builders-use-substitutes = true;
 

modules/darwin/common/users.nix

@@ -0,0 +1,19 @@
+{ inputs, pkgs, ... }:
+let
+  authorizedKeys = {
+    keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDPVjRBomWFJNNkZb0g5ymLmc3pdRddIScitmJ9yC+ap" # deployment
+    ];
+    keyFiles = pkgs.lib.filesystem.listFilesRecursive "${inputs.self}/users/keys";
+  };
+in
+{
+  # TODO: refactor this to share /users with nixos
+  users.users = {
+    customer.openssh = {
+      inherit authorizedKeys;
+    };
+  };
+
+  nix.settings.trusted-users = [ "@admin" ];
+}