fix(security): enable sudo password for ryan, use root for remote deployment

modules/nixos/base/user-group.nix

@@ -36,14 +36,10 @@
       "libvirtd"
     ];
   };
+
+  # root's ssh key are mainly used for remote deployment
   users.users.root = {
     initialHashedPassword = config.users.users."${username}".initialHashedPassword;
     openssh.authorizedKeys.keys = config.users.users."${username}".openssh.authorizedKeys.keys;
   };
-
-  # The wheel group is a special user group,
-  # which can access to the `su` or `sudo` command to run commands as super user.
-  #
-  # Don't ask for password for wheel group
-  security.sudo.wheelNeedsPassword = false;
 }

systems/colmena.nix

@@ -7,6 +7,7 @@ with allSystemAttrs; let
     inherit home-manager;
     inherit nixpkgs; # or nixpkgs-unstable
     specialArgs = allSystemSpecialArgs.x64_system;
+    targetUser = "root";
   };
 
   # riscv64 related
@@ -38,7 +39,7 @@ with allSystemAttrs; let
     inherit home-manager;
     inherit (nixos-rk3588.inputs) nixpkgs; # or nixpkgs-unstable
     specialArgs = rk3588_specialArgs;
-    targetUser = "ryan";
+    targetUser = "root";
   };
 in {
   # colmena - remote deployment via SSH