TODO: Get a nix build #.<hostname> to build a new kexec image I can SSH over
- Install host
- On remote host:
nix-shell -p ssh-to-age --run "ssh-to-age < /etc/ssh/ssh_host_ed25519_key.pub" - On remote host:
nix-shell -p ssh-to-age --run "ssh-to-age -private-key -i /etc/ssh/ssh_host_ed25519_key" - Put both of these values in
~/.config/sops/age/keys.txt - Add paths to .sops.yaml
- Reencrypt
machines/common/secrets.yaml