feat: add jet as a trusted user

configuration.nix

@@ -67,6 +67,14 @@
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE40ISu3ydCqfdpb26JYD5cIN0Fu0id/FDS+xjB5zpqu"
   ];
 
+  users.users.jet = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE40ISu3ydCqfdpb26JYD5cIN0Fu0id/FDS+xjB5zpqu"
+    ];
+  };
+
   # SSH - Secure it
   services.openssh = {
     enable = true;
@@ -120,8 +128,13 @@
     "nix-command"
     "flakes"
   ];
+  nix.settings.trusted-users = [
+    "root"
+    "jet"
+  ];
   nix.settings.max-jobs = "auto";
   nix.settings.cores = 0;
+  security.sudo.wheelNeedsPassword = false;
   services.postgresql.package = pkgs.postgresql_15;
   nixpkgs.config.allowUnfree = true; # Allow unfree packages (Minecraft, etc.)
 

flake.nix

@@ -51,7 +51,7 @@
         let
           pkgs = nixpkgs.legacyPackages.x86_64-linux;
           deploy = pkgs.writeShellScriptBin "nhs" ''
-            nh os switch --hostname extremist-software --target-host root@extremist-software path:. "$@"
+            nh os switch --hostname extremist-software --target-host jet@extremist-software path:. "$@"
           '';
           check-secrets = pkgs.writeShellScriptBin "check-secrets" ''
             set -euo pipefail