SSH keys in /etc/ssh will be copied over to the new installation.
Usage : localinstall -h <hostname> [options]
Options:
* -h, --host <hostname>
Set the config hostname to install from this flake
* --secureboot
Generate secure boot keys.
* --initrdssh
Generate initrd SSH host keys.
* --homesecrets
Install home secrets key
* --username
Set the username to install secrets (optional)
Usage : remoteinstall -h <hostname> -p <port> -i <ip> [options]
Options:
* -h, --host <hostname>
Set the config hostname to install from this flake.
* -p, --port <ssh_port>
Set the SSH port to connect with.
* -i, --ip <ssh_ip>
Set the destination IP to install.
* --identity-key <file_path>
Set the private key to use
* --secureboot
Generate secure boot keys.
* --initrdssh
Generate initrd SSH host keys.
* --homesecrets
Install home secrets key
* --username
Set the username to install secrets (optional)
`--initrdssh` requires sudo.

`deploy -k` deploys all hosts and keeps garbage collection roots in `.deploy-gc`. Pass `-s` to skip flake checks.
- At least in the private git instance, try to use a proper commit prefix. [see here](https://github.com/angular/angular.js/blob/master/DEVELOPERS.md#type)
- Deploy HashiCorp Vault or something capable of rotating credentials
- Figure out how to achieve fully automated remote LUKS unlock
- Organize the secrets structure, with per-machine credentials and preferably credential rotation
- After implementing all library features, eventually stabilize the structure to a point where I feel comfortable mirroring all commits from the private git instance to GitHub without rebasing
- [-] Handle acme.sh failure and send a fail signal to healthchecks
- Copying the SSH age key at installation is tedious. Find a way to manage this remotely, KMS solution?