From 402086b37410760590c0e3b5cb5db70d7694b24f Mon Sep 17 00:00:00 2001
From: steffen <steffen@portuus.de>
Date: Sat, 14 Mar 2026 14:15:40 +0100
Subject: [PATCH] move deploy key to host config, add ralph and benjamin users

- Move forgejo-deploy pubkey from users/steffen to hosts/cryodev-main/
  (deploy key belongs to the host, not a user)
- Remove deploy key from steffen's authorized keys
- Add users ralph and benjamin (pubkeys pending)
- Register both new users in cryodev-main host config
---
 .../cryodev-main/deploy-key.pub                       |  0
 hosts/cryodev-main/services/openssh.nix               |  2 +-
 hosts/cryodev-main/users.nix                          |  2 ++
 users/benjamin/default.nix                            | 11 +++++++++++
 users/ralph/default.nix                               | 11 +++++++++++
 users/steffen/default.nix                             |  5 +----
 6 files changed, 26 insertions(+), 5 deletions(-)
 rename users/steffen/pubkeys/forgejo-deploy.pub => hosts/cryodev-main/deploy-key.pub (100%)
 create mode 100644 users/benjamin/default.nix
 create mode 100644 users/ralph/default.nix

diff --git a/users/steffen/pubkeys/forgejo-deploy.pub b/hosts/cryodev-main/deploy-key.pub
similarity index 100%
rename from users/steffen/pubkeys/forgejo-deploy.pub
rename to hosts/cryodev-main/deploy-key.pub
diff --git a/hosts/cryodev-main/services/openssh.nix b/hosts/cryodev-main/services/openssh.nix
index b38495e..db9a56a 100644
--- a/hosts/cryodev-main/services/openssh.nix
+++ b/hosts/cryodev-main/services/openssh.nix
@@ -12,6 +12,6 @@
 
   # Root SSH key for deploy-rs (key-only, no password)
   users.users.root.openssh.authorizedKeys.keyFiles = [
-    ../../../users/steffen/pubkeys/forgejo-deploy.pub
+    ../deploy-key.pub
   ];
 }
diff --git a/hosts/cryodev-main/users.nix b/hosts/cryodev-main/users.nix
index a198c5a..2703ead 100644
--- a/hosts/cryodev-main/users.nix
+++ b/hosts/cryodev-main/users.nix
@@ -4,5 +4,7 @@
   imports = [
     outputs.nixosModules.normalUsers
     ../../users/steffen
+    ../../users/ralph
+    ../../users/benjamin
   ];
 }
diff --git a/users/benjamin/default.nix b/users/benjamin/default.nix
new file mode 100644
index 0000000..d00df64
--- /dev/null
+++ b/users/benjamin/default.nix
@@ -0,0 +1,11 @@
+{
+  normalUsers.benjamin = {
+    extraGroups = [
+      "wheel"
+    ];
+    sshKeyFiles = [
+      # TODO: Add benjamin's public key
+      # ./pubkeys/benjamin.pub
+    ];
+  };
+}
diff --git a/users/ralph/default.nix b/users/ralph/default.nix
new file mode 100644
index 0000000..f43dd0d
--- /dev/null
+++ b/users/ralph/default.nix
@@ -0,0 +1,11 @@
+{
+  normalUsers.ralph = {
+    extraGroups = [
+      "wheel"
+    ];
+    sshKeyFiles = [
+      # TODO: Add ralph's public key
+      # ./pubkeys/ralph.pub
+    ];
+  };
+}
diff --git a/users/steffen/default.nix b/users/steffen/default.nix
index f58a45f..a7503e9 100644
--- a/users/steffen/default.nix
+++ b/users/steffen/default.nix
@@ -5,9 +5,6 @@
     extraGroups = [
       "wheel"
     ];
-    sshKeyFiles = [
-      ./pubkeys/X670E.pub
-      ./pubkeys/forgejo-deploy.pub
-    ];
+    sshKeyFiles = [ ./pubkeys/X670E.pub ];
   };
 }