From ce7b3bbe16b6b28998aa2f64d2e8a1fa81e94c48 Mon Sep 17 00:00:00 2001 From: Petru Paler Date: Fri, 24 Oct 2025 14:47:45 +0100 Subject: [PATCH] Update install docs to preserve installer ssh keys. --- setup-host.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/setup-host.txt b/setup-host.txt index 84db3dd..03e0603 100644 --- a/setup-host.txt +++ b/setup-host.txt @@ -7,7 +7,7 @@ * copy key.bin to hosts// * use the generated config to create new config in hosts/ * set the actual device IDs in hosts//default.nix -* on base host: nix run github:nix-community/nixos-anywhere -- --flake '.#' nixos@ +* set or update key for target in .sops.yaml with the output from "ssh-keyscan | ssh-to-age" then "sops updatekeys secrets/*.yaml" +* if new machine, add a secrets/.yaml for it +* on base host: nix run github:nix-community/nixos-anywhere -- --copy-host-keys --flake '.#' nixos@ * after confirmed working, update hosts//default.nix to set keyFile to /dev/sdX (otherwise when the USB drive fails it's harder to replace) -* if replacing failed host in place, update key in .sops.yaml with the output from "ssh-keyscan | ssh-to-age" then "sops updatekeys secrets/*.yaml" -** if installing new host, do the same for install then again after the first reboot (the installer key is not persisted)
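Review bot: The added ".sops.yaml" step in the setup-host.txt hunk takes the age recipient from "ssh-keyscan | ssh-to-age" without saying how the scanned host key is verified, and the "sops updatekeys secrets/*.yaml" that follows re-encrypts the secrets to whatever key the scan returned. ssh-keyscan does not authenticate the host it talks to, so the step should require a check before updatekeys: compare the scanned key's fingerprint with the one read on the installer's own console (for example "ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub") and only then commit the recipient. Because "--copy-host-keys" now makes the installer's host key the machine's permanent key, the step should also state explicitly that the scan is run against the booted installer, which the removed "installer key is not persisted" line previously made clear.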