refactor: fonts (#194)

modules/base/users.nix

@@ -0,0 +1,20 @@
+{myvars, ...}: {
+  programs.ssh = myvars.networking.ssh;
+
+  users.users.${myvars.username} = {
+    description = myvars.userfullname;
+    # Public Keys that can be used to login to all my PCs, Macbooks, and servers.
+    #
+    # Since its authority is so large, we must strengthen its security:
+    # 1. The corresponding private key must be:
+    #    1. Generated locally on every trusted client via:
+    #      ```bash
+    #      # KDF: bcrypt with 256 rounds, takes 2s on Apple M2):
+    #      # Passphrase: digits + letters + symbols, 12+ chars
+    #      ssh-keygen -t ed25519 -a 256 -C "ryan@xxx" -f ~/.ssh/xxx`
+    #      ```
+    #    2. Never leave the device and never sent over the network.
+    # 2. Or just use hardware security keys like Yubikey/CanoKey.
+    openssh.authorizedKeys.keys = myvars.mainSshAuthorizedKeys;
+  };
+}