sops-nix only allows for you to grab the path of the key files for security reasons, but
users.users.<user>.openssh.authorizedKeys.keyFiles = [config.sops.secrets.ssh-<machine>.path ]
causes
error: access to absolute path '/run/secrets/<ssh config for machine>' is forbidden in pure eval mode (use '--impure' to override)
on build.
I assume there has to be a better way to extract keys from sops-nix for authorizedKeys, but googling around and searching the forum hasn’t yet found much in terms of solutions for this particular use.