feat: start migrating steveej-t14 and sj-vps-htz-0 to sops

nix/os/profiles/common/user.nix

@@ -3,13 +3,31 @@
   pkgs,
   ...
 }: let
-  passwords = import ../../../variables/passwords.crypt.nix;
-  inherit (import ../../lib/default.nix {}) mkUser mkRoot;
+  keys = import ../../../variables/keys.nix;
+  inherit (import ../../lib/default.nix {inherit (pkgs) lib;}) mkUser;
 in {
+  sops.secrets.sharedUsers-root = {
+    sopsFile = ../../../../secrets/shared-users.yaml;
+    neededForUsers = true;
+  };
+
+  sops.secrets.sharedUsers-steveej = {
+    sopsFile = ../../../../secrets/shared-users.yaml;
+    neededForUsers = true;
+    format = "yaml";
+  };
+
   users.mutableUsers = false;
 
-  users.extraUsers.root = mkRoot {};
-  users.extraUsers.steveej = mkUser {uid = 1000;};
+  users.extraUsers.root = {
+    passwordFile = config.sops.secrets.sharedUsers-root.path;
+    openssh.authorizedKeys.keys = keys.users.steveej.openssh;
+  };
+
+  users.extraUsers.steveej = mkUser {
+    uid = 1000;
+    passwordFile = config.sops.secrets.sharedUsers-steveej.path;
+  };
 
   security.pam.u2f.enable = true;
   security.pam.services.steveej.u2fAuth = true;