b8bc17f385
Move the imperative SSH-key-related scars accumulated during the clan/VPS rollout into nix config so future installs and rebuilds reproduce the same state: - danny@sunken-ship + danny@phantom-ship: trust the mac admin key (id_ed25519_<host> on Daniel-Macbook-Air) and the host's own self-loopback key (used by clan ssh-ng:// nix-copy-closure back to the same host during `clan machines update`). - root@sunken-ship + root@phantom-ship: trust the mac admin key so `clan machines update` can run its SOPS-key upload step that SSHes to root@<host> to write /var/lib/sops-nix/key.txt. Existing key files (~/.ssh/id_ed25519 on each host) stay where they are; the keypair was generated once during initial bootstrap and the public side is now declared above. Reinstalls would regenerate and need the pubkey re-pinned here. |
||
|---|---|---|
| .. | ||
| daniel-macbook-air.nix | ||
| phantom-ship-hardware.nix | ||
| phantom-ship.nix | ||
| server-install.nix | ||
| sunken-ship-hardware.nix | ||
| sunken-ship.nix | ||
| vps-relay.nix | ||
| wsl.nix | ||