fix(odin): add thomas to keys group

home/odin.nix

@@ -14,6 +14,7 @@ in
     ./features/nvim
   ];
 
+  age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
   age.secrets = {
     "home/control-pat".file = secrets."home/control-pat.age";
   };

hosts/odin/default.nix

@@ -18,6 +18,7 @@
   ++ (builtins.attrValues outputs.modules.nixos);
 
   security.sudo.wheelNeedsPassword = false;
+  users.groups.keys = { };
 
   # Services configuration
   services = {
@@ -45,6 +46,12 @@
     };
   };
 
+  systemd.tmpfiles.rules = [
+    # Format: type  path                          mode  user  group      age  argument
+    "z      /etc/ssh/ssh_host_rsa_key             0640  root  keys       -    -"
+    "z      /etc/ssh/ssh_host_ed25519_key         0640  root  keys       -    -"
+  ];
+
   programs.fish = {
     enable = true;
     vendor = {

hosts/odin/users/thomas.nix

@@ -3,6 +3,7 @@
   users.users.thomas = {
     isNormalUser = true;
     extraGroups = [
+      "keys"
       "wheel"
       "users"
       "storage"