Currently, the expected flow is to deploy once with an empty config and then to add stuff in the config that could include SOPS.
This is because nixos-anywhere doesn't generate the SSH host keys; this happens on first boot.
Then, you can get the generated key with https://github.com/ibizaman/skarabox/tree/main/template#secrets-with-sops and transform it into an age key and let the server decrypt the host file.
This is inconvenient at best and confusing at worst.
Instead, we should generate an SSH key on the machine used to deploy and use nixos-anywhere to send it to the correct location. (By the way, this won't get overwritten by the script since it's checking if a file exists first before generating an SSH key.) We could then add the age key to the SOPS file before the install process with nixos-anywhere, and we could also add the host key to the laptop's known hosts!
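
The flow proposed above, sketched as an added shell example (not code from the skarabox repository). It assumes `ssh-keygen`, `ssh-to-age` and `nixos-anywhere` are on the PATH; the function names and the three positional arguments (host name, flake reference, SSH target) are hypothetical.

```shell
#!/bin/sh
# Added example: pre-generate the SSH host key on the deploy machine.
set -eu

# Create DIR/etc/ssh/ssh_host_ed25519_key{,.pub}, laid out as the target's root.
# An existing key is kept, mirroring the exists-check the issue mentions.
stage_host_key() {
    key="$1/etc/ssh/ssh_host_ed25519_key"
    install -d -m755 "$1/etc/ssh"
    if [ ! -e "$key" ]; then
        ssh-keygen -q -t ed25519 -N '' -C '' -f "$key"
    fi
    chmod 600 "$key"
}

# Print a known_hosts entry "HOST keytype base64" from a .pub file.
known_hosts_line() {
    read -r ktype blob rest < "$2"
    printf '%s %s %s\n' "$1" "$ktype" "$blob"
}

# deploy HOST FLAKE TARGET (hypothetical wrapper around the whole flow)
deploy() {
    stage=$(mktemp -d)                 # mode 0700, holds the private host key
    trap 'rm -rf "$stage"' EXIT        # do not leave the private key behind
    stage_host_key "$stage"
    pub="$stage/etc/ssh/ssh_host_ed25519_key.pub"

    # Pin the host key on the laptop before the first connection.
    known_hosts_line "$1" "$pub" >> "$HOME/.ssh/known_hosts"

    # The age recipient is derived from the host public key alone.
    echo "Add this recipient to the SOPS file, then press Enter:"
    ssh-to-age -i "$pub"
    read -r _ack

    # Copy the staged tree onto the target's root during installation.
    nixos-anywhere --extra-files "$stage" --flake "$2" --target-host "$3"
}

if [ "$#" -eq 3 ]; then
    deploy "$@"
fi
```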