Permit sudo via pam_ssh_agent_auth module

hosts/hyrule/default.nix

@@ -83,8 +83,8 @@ in {
         isNormalUser = true;
         extraGroups = ["wheel"];
         shell = pkgs.bash;
-        home = "/home/ae"; # TEMP: remove and replace with home-manager
+        openssh.authorizedKeys.keys = [
-        packages = with pkgs; [
+          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCsUZY45rgezi+8iROdcR5vPeacJ2fbMjlDijfUrH9hRX2FzCsg/4e3aFKhi2seZMmyTfbstxmDrrH8paUS5TibFgLFBGNngaF3CTjg85i5pm25Hr4IVo31oziBnTWaG6j3buYKtz5e1qSPzXywinJR+5+FCUJU7Fxa+EWTZcOX4wYgArSj4q73rZmvk5N0X44Mudt4nvpD2chvxygsdTzD6ph92qCuaJ/AbfmOoC7b/xvOaOVydUfgDLpHi9VZbd3akvvKxRfW6ZklldgXEzPXKMuastN0mwcBxvIb5G1Vkj8jtSVtKPc5psZ9/NWA5l38xH4qZ6z7eib6thtEMdtcKmTZEEWDADjqTea5Gj61c1n18cr6f3Tff+0bn/cxsl4Y0esi+aDeuCXYiIYNmeKBx0ttDNIxpk4J5Fdh6Xs+AZif5lnJErtu8TPy2aC0bc9wehTjMyvilTHfyerOD1ZJXhN2XwRVDGN7t7leAJZISJlPjqTDcw3Vfvzte/5JqS+FR+hbpG4uz2ix8kUa20u5YF2oSdGl8+zsdozVsdQm10Iv9WSXBV7t4m+oyodgtfzydBpmXq7aBXudCiEKw+7TC7F+1a4YFrVrCNXKFgKUpd1MiVLl7DIbzm5U9MD2BB3Fy7BPCzr3tW6/ExOhhpBWY+HnzVGQfkNr7dRcqfipKw== ae@imbored.dev"
         ];
       };
 
@@ -107,7 +107,6 @@ in {
       ae = import ../../homes/ae;
       subspace = import ../../homes/subspace;
     };
-    sharedModules = [];
   };
 
   services = {
@@ -412,13 +411,19 @@ in {
       };
     };
   };
+  security = {
     # accept Lets Encrypt's security policy (for nginx)
-  security.acme = {
+    acme = {
       acceptTerms = true;
       # TODO: change this to me@imbored.dev
       defaults.email = "eclarkboman@gmail.com";
     };
 
+    # allow SSH keys for passwordless auth
+    # TODO: DO NOT USE THIS (create my own alternative to colmena)
+    pam.services.sudo.sshAgentAuth = true;
+  };
+
   environment.systemPackages = with pkgs; [
     git
     vim