treewide: separate ssh keys

nixos/users.nix

@@ -1,4 +1,4 @@
-{ lib, ... }:
+{ lib, self, ... }:
 let
   users = [
     {
@@ -32,6 +32,15 @@ let
       isNormalUser = true;
       extraGroups = lib.optionals (options.admin or false) adminGroups;
       inherit uid;
+
+      openssh.authorizedKeys.keys =
+        let
+          keys = import "${self}/lib/ssh/keys.nix";
+        in
+        if (builtins.hasAttr name keys) then
+          [ keys.${name} ]
+        else
+          lib.warn "user ${name} declared without ssh key" [ ];
     };
 
     systemd.slices."user-${builtins.toString uid}".sliceConfig = {