feat: init srv0-dmz0

nix/os/profiles/common/user.nix

@@ -4,11 +4,18 @@
   ...
 }: let
   keys = import ../../../variables/keys.nix;
-  inherit (import ../../lib/default.nix {inherit (pkgs) lib;}) mkUser;
+  inherit
+    (import ../../lib/default.nix {
+      inherit (pkgs) lib;
+      inherit config;
+    })
+    mkUser
+    ;
 in {
   sops.secrets.sharedUsers-root = {
     sopsFile = ../../../../secrets/shared-users.yaml;
     neededForUsers = true;
+    format = "yaml";
   };
 
   sops.secrets.sharedUsers-steveej = {
@@ -17,18 +24,26 @@ in {
     format = "yaml";
   };
 
+  sops.secrets.sharedSshKeys-steveej = {
+    sopsFile = ../../../../secrets/shared-users.yaml;
+    # neededForUsers = true;
+    format = "yaml";
+  };
+
   users.mutableUsers = false;
 
   users.extraUsers.root = {
     passwordFile = config.sops.secrets.sharedUsers-root.path;
     openssh.authorizedKeys.keys = keys.users.steveej.openssh;
+
+    # TODO: investigate why this secret cannot be found
+    # openssh.authorizedKeys.keyFiles = [
+    #   config.sops.secrets.sharedSshKeys-steveej.path
+    # ];
   };
 
   users.extraUsers.steveej = mkUser {
     uid = 1000;
     passwordFile = config.sops.secrets.sharedUsers-steveej.path;
   };
-
-  security.pam.u2f.enable = true;
-  security.pam.services.steveej.u2fAuth = true;
 }