Update install docs to preserve installer ssh keys.
@@ -7,7 +7,7 @@
|
|||||||
* copy key.bin to hosts/<target>/
|
* copy key.bin to hosts/<target>/
|
||||||
* use the generated config to create new config in hosts/<target>
|
* use the generated config to create new config in hosts/<target>
|
||||||
* set the actual device IDs in hosts/<target>/default.nix
|
* set the actual device IDs in hosts/<target>/default.nix
|
||||||
* on base host: nix run github:nix-community/nixos-anywhere -- --flake '.#<target>' nixos@<target IP>
|
* set or update key for target in .sops.yaml with the output from "ssh-keyscan <host> | ssh-to-age" then "sops updatekeys secrets/*.yaml"
|
||||||
|
* if new machine, add a secrets/<machine>.yaml for it
|
||||||
|
* on base host: nix run github:nix-community/nixos-anywhere -- --copy-host-keys --flake '.#<target>' nixos@<target IP>
|
||||||
* after confirmed working, update hosts/<target>/default.nix to set keyFile to /dev/sdX (otherwise when the USB drive fails it's harder to replace)
|
* after confirmed working, update hosts/<target>/default.nix to set keyFile to /dev/sdX (otherwise when the USB drive fails it's harder to replace)
|
||||||
* if replacing failed host in place, update key in .sops.yaml with the output from "ssh-keyscan <host> | ssh-to-age" then "sops updatekeys secrets/*.yaml"
|
|
||||||
** if installing new host, do the same for install then again after the first reboot (the installer key is not persisted)
|
|
||||||
|
|||||||
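Review bot: The added step "set or update key for target in .sops.yaml" takes the age recipient straight from `ssh-keyscan <host> | ssh-to-age`, and `ssh-keyscan` does not authenticate the host, so whatever answers at that address becomes a recipient for every file re-encrypted by `sops updatekeys secrets/*.yaml`. Suggest adding a sub-step to compare the scanned key's fingerprint with the one shown on the target's console before running `sops updatekeys`. It would also help to say that `<host>` at this point is the running installer, since `--copy-host-keys` is what carries that key over to the installed system and the removed "do the same ... again after the first reboot" note no longer explains it. Limiting the scan with `ssh-keyscan -t ed25519` keeps other key types out of the pipe.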