Allow reverse SSH via regular trusted keys

hosts/mars/home.nix

@@ -1,4 +1,10 @@
-{ pkgs, ... }:
+{
+  pkgs,
+  lib,
+  config,
+  trustedSSHKeys,
+  ...
+}:
 {
   home.packages = with pkgs; [
     dosbox-staging # dosbox appears broken on darwin
@@ -11,6 +17,12 @@
     antigravity
   ];
 
+  home.activation.setupAuthorizedKeys = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
+    run install -m 0600 -D \
+      ${pkgs.writeText "keys" (builtins.concatStringsSep "\n" trustedSSHKeys)} \
+      ${config.home.homeDirectory}/.ssh/ephemeral_sshd/authorized_keys
+  '';
+
   # TODO: consider
   # https://nest.pijul.com/yonkeltron/macOS-nix-config:main/ZLDSMIXK5XFW6.EIAAA
   # and