add the SSH key for the remote builder

All the secrets were rekeyed.
author: Franck Cuny <franck@fcuny.net> 2025-08-09 11:02:18 -0700
committer: Franck Cuny <franck@fcuny.net> 2025-08-09 11:02:18 -0700
commit: d23d7bf78b38fd7976d2dbbc063f406fa04f13d5 (patch)
tree: 1ecf84d2efb861a854918dfd88f30251561e4a36 /docs/install.org
parent: ignore terraform caches (diff)
download: infra-d23d7bf78b38fd7976d2dbbc063f406fa04f13d5.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/docs/install.org b/docs/install.org
index e4e279c..d552513 100644
--- a/docs/install.org
+++ b/docs/install.org
@@ -2,6 +2,13 @@
 #+AUTHOR: Franck Cuny
 #+EMAIL: franck@fcuny.net
 
+* Darwin
+** =agenix=
+Create SSH host keys with =sudo ssh-keygen -A=.
+
+You then need to add the public key (=/etc/ssh/ssh_host_ed25519_key.pub=) to [[file+emacs:../secrets/secrets.nix][secrets.nix]] and re-key the secrets, running =agenix -i ~/.ssh/agenix -r=.
+
+You can then validate that they key is encrypted properly with =sudo agenix -i /etc/ssh/ssh_host_ed25519_key -d ssh-remote-builder.age=.
 * Virtual machine running on the Synology NAS
 ** Creating the VM
 - chose VGA for the display (otherwise ~systemd-udevd~ gets stuck)
author	Franck Cuny <franck@fcuny.net>	2025-08-09 11:02:18 -0700
committer	Franck Cuny <franck@fcuny.net>	2025-08-09 11:02:18 -0700
commit	d23d7bf78b38fd7976d2dbbc063f406fa04f13d5 (patch)
tree	1ecf84d2efb861a854918dfd88f30251561e4a36 /docs/install.org
parent	ignore terraform caches (diff)
download	infra-d23d7bf78b38fd7976d2dbbc063f406fa04f13d5.tar.gz