factor out into lib/admins.nix

hosts/glotzbert/configuration.nix

@@ -16,6 +16,7 @@ in
   imports =
     [ # Include the results of the hardware scan.
       ./hardware-configuration.nix
+      ../../lib/admins.nix
     ];
 
   # Use the systemd-boot EFI boot loader.

hosts/pulsebert/configuration.nix

@@ -11,6 +11,7 @@ in {
   imports =
     [ # Include the results of the hardware scan.
       ./hardware-configuration.nix
+      ../../lib/admins.nix
     ];
 
   # Use the systemd-boot EFI boot loader.

hosts/storage-ng/dhcp/configuration.nix

@@ -4,6 +4,7 @@
   imports =
     [ ../../../lib/lxc-container.nix
       ../../../lib/shared.nix
+      ../../../lib/admins.nix
     ];
 
   networking.hostName = "dhcp";

hosts/storage-ng/grafana/configuration.nix

@@ -4,6 +4,7 @@
   imports =
     [ ../../../lib/lxc-container.nix
       ../../../lib/shared.nix
+      ../../../lib/admins.nix
     ];
 
   networking.hostName = "grafana";

hosts/storage-ng/mucbot/configuration.nix

@@ -7,6 +7,7 @@ in
   imports =
     [ ../../../lib/lxc-container.nix
       ../../../lib/shared.nix
+      ../../../lib/admins.nix
       "${tiggerGit}/module.nix"
     ];
 

lib/admins.nix

@@ -0,0 +1,7 @@
+{ config, ... }:
+{
+  users.users.root.openssh.authorizedKeys.keys =
+    if config.services.openssh.enable
+    then (import ../secrets/lib/authorized_keys).admins
+    else [];
+}

lib/lxc-container.nix

@@ -28,5 +28,4 @@
 
   # Required for remote deployment
   services.openssh.enable = true;
-  users.users.root.openssh.authorizedKeys.keys = (import ../secrets/lib/authorized_keys).admins;
 }