move deploy key to host config, add ralph and benjamin users

- Move forgejo-deploy pubkey from users/steffen to hosts/cryodev-main/
  (deploy key belongs to the host, not a user)
- Remove deploy key from steffen's authorized keys
- Add users ralph and benjamin (pubkeys pending)
- Register both new users in cryodev-main host config

hosts/cryodev-main/services/openssh.nix

@@ -12,6 +12,6 @@
 
   # Root SSH key for deploy-rs (key-only, no password)
   users.users.root.openssh.authorizedKeys.keyFiles = [
-    ../../../users/steffen/pubkeys/forgejo-deploy.pub
+    ../deploy-key.pub
   ];
 }

hosts/cryodev-main/users.nix

@@ -4,5 +4,7 @@
   imports = [
     outputs.nixosModules.normalUsers
     ../../users/steffen
+    ../../users/ralph
+    ../../users/benjamin
   ];
 }

users/benjamin/default.nix

@@ -0,0 +1,11 @@
+{
+  normalUsers.benjamin = {
+    extraGroups = [
+      "wheel"
+    ];
+    sshKeyFiles = [
+      # TODO: Add benjamin's public key
+      # ./pubkeys/benjamin.pub
+    ];
+  };
+}

users/ralph/default.nix

@@ -0,0 +1,11 @@
+{
+  normalUsers.ralph = {
+    extraGroups = [
+      "wheel"
+    ];
+    sshKeyFiles = [
+      # TODO: Add ralph's public key
+      # ./pubkeys/ralph.pub
+    ];
+  };
+}

users/steffen/default.nix

@@ -5,9 +5,6 @@
     extraGroups = [
       "wheel"
     ];
-    sshKeyFiles = [
-      ./pubkeys/X670E.pub
-      ./pubkeys/forgejo-deploy.pub
-    ];
+    sshKeyFiles = [ ./pubkeys/X670E.pub ];
   };
 }