You do realize that those machines are not necessarily NixOS right? It is best to separate the management of SSH from NixOS declarative nature since what you would really want to be declarative is ACL rules, not network topology/SSH keys. For example you can use Netbird or Tailscale and their respective SSH feature.
Mind you, Google Wallet. Other than that I wonder if they fixed the issue of camera opening too slow. Not laggy, but starts up slow enough that I find it irritating to use GrapheneOS daily.