mirror of
https://github.com/alyraffauf/nixcfg.git
synced 2024-11-25 22:51:54 -05:00
update ssh key location
parent
2d395532c2
commit
708fb74202
|
@ -3,7 +3,7 @@
|
||||||
2. Add host to `nixosConfigurations` in `flake.nix`.
|
2. Add host to `nixosConfigurations` in `flake.nix`.
|
||||||
3. (OPTIONAL) Generate a `cert.pem`, `key.pem`, and device ID for Syncthing with `syncthing -generate=$HOSTNAME`. Find the device ID in the generated `config.xml` and add it to `nixosModules/services/syncthing/default.nix`, encrypt the cert and key with agenix, and set them as appropriate in the host configuration.
|
3. (OPTIONAL) Generate a `cert.pem`, `key.pem`, and device ID for Syncthing with `syncthing -generate=$HOSTNAME`. Find the device ID in the generated `config.xml` and add it to `nixosModules/services/syncthing/default.nix`, encrypt the cert and key with agenix, and set them as appropriate in the host configuration.
|
||||||
4. Install NixOS from this flake. Secrets will _not_ be available on first boot.
|
4. Install NixOS from this flake. Secrets will _not_ be available on first boot.
|
||||||
5. Copy the new system's public SSH key (`/etc/ssh/ssh_host_ed25519_key.pub`) to the host configuration (`host/$HOSTNAME/ssh.pub`).
|
5. Copy the new system's public SSH key (`/etc/ssh/ssh_host_ed25519_key.pub`) to the host configuration (`secrets/publicKeys/root_$HOSTNAME.pub`).
|
||||||
6. Add the new public key to `secrets/secrets.nix` and rekey all secrets with `agenix --rekey`.
|
6. Add the new public key to `secrets/secrets.nix` and rekey all secrets with `agenix --rekey`.
|
||||||
7. Rebuild the new system from git. Secrets will be automatically decrypted and immediately available in `/run/agenix/`.
|
7. Rebuild the new system from git. Secrets will be automatically decrypted and immediately available in `/run/agenix/`.
|
||||||
8. (OPTIONAL) Generate a new user SSH key and add it to `nixosModules/users/default.nix` in order to enable passwordless logins to other hosts.
|
8. (OPTIONAL) Generate a new user SSH key and add it to `nixosModules/users/default.nix` in order to enable passwordless logins to other hosts.
|
||||||
|
|
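Review bot: In step 5 the new destination `secrets/publicKeys/root_$HOSTNAME.pub` is still described as "the host configuration", which fit the old `host/$HOSTNAME/ssh.pub` path but not a file under `secrets/publicKeys/`. Suggest rewording the parenthetical to say the key is copied into the repository's public key directory. It would also help to state why the file carries a `root_` prefix when its source is the host key `/etc/ssh/ssh_host_ed25519_key.pub`, so it is not confused with the user SSH key generated in step 8. Step 6 is unchanged context here, so it is worth confirming that `secrets/secrets.nix` reads the key from the new location before the `agenix --rekey` instruction is relied on.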