8 Mar 2025 |
K900 ⚡️ | The host key in /etc/ssh identifies the machine | 07:20:35 |
laurent | Got it! And when I set up agenix, I encrypted with my user key, which I then use in the identityfile option of agenix! So I should have encrypted with the host machine, correct? But this host SSH key is automatically regenerated on a new NixOS install? | 07:25:13 |
K900 ⚡️ | You encrypt with the public part of the host key | 07:25:36 |
K900 ⚡️ | And then it's decrypted with the private part | 07:25:43 |
K900 ⚡️ | And yes, the host key is generated per machine | 07:25:48 |
K900 ⚡️ | So you probably want to also encrypt to your own user key, so you can access the secrets if you don't have any of the host keys | 07:26:06 |
laurent | Thx! I did everything the wrong way then. So the host key obviously needs to be backed up. I'll check some docs to see how to reinstall it the Nix way on a fresh install. Thx a lot for your help | 07:29:13 |
Valodim | It does not need to be backed up. Just create a new one and rekey on redeployment | 07:49:26 |
laurent | (In reply to @Valodim:stratum0.org: "It does not need to be backed up. Just create a new one and rekey on redeployment") Do you mean to re-encrypt all secrets with the then new host key? | 08:13:45 |
Valodim | Yes | 08:14:05 |
Valodim | The same as you'll have to do on other occasions when public keys change, e.g. when some secret should be available for a new host | 08:14:57 |
Valodim | Maybe study the agenix docs some more. It's in there :) | 08:15:13 |
laurent | (In reply to @Valodim:stratum0.org: "Maybe study the agenix docs some more. It's in there :)") I reckon that's what I have to do haha. Been wanting to take shortcuts with Nix to be able to have a quick working env, but it's time to go back to the docs now that I understand the ecosystem more | 08:17:33 |