nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpq6mtxp68k8c3p2sj0wzhagt3kd8ywkvzlkfyt3vrx9cahzfz000vsmvss2n (nprofile…ss2n) The way I solved this - with sops-nix - is that I put the private host key in a sops-protected file, and configured sops to allow decrypting it with either the ssh host key itself, or my own age key.
Thus, I could - temporarily - lift it out when I bootstrapped the host, and once bootstrapped (with nixos-anywhere), it's stored on the host, outside of the nix store.
If I need to bring up a new VM, or a fresh install, I'll inject the host key out of band.
algernon ludd /
npub1hg…nmyw0
2024-12-23 18:26:19
in reply to nevent1q…4cex
Author Public Key
npub1hg4y9ch6ttsze47xmaut4lzvxq3hjyd8fvdkt4v9mfqvjqhv8q2qlnmyw0Published at
2024-12-23 18:26:19Event JSON
{
"id": "972c3c12b4e23cc61e487e00ae455b8e374c6f34f93ebe72fb308020bda22485",
"pubkey": "ba2a42e2fa5ae02cd7c6df78bafc4c30237911a74b1b65d585da40c902ec3814",
"created_at": 1734978379,
"kind": 1,
"tags": [
[
"p",
"d6d660e8f63e2215424f70afd42e3669c8eb305fb248b8b0662e3b71244f7bd9",
"wss://relay.mostr.pub"
],
[
"p",
"0abc897a05eca0849f658dc45fb983e46041d357150b09df857131e7a7552848",
"wss://relay.mostr.pub"
],
[
"e",
"b643ff7c2e9459e836ab9352645227d7b977cba907042b2e8506cb673547bf13",
"wss://relay.mostr.pub",
"reply"
],
[
"proxy",
"https://come-from.mad-scientist.club/users/algernon/statuses/01JFTCA78C824ERBD8XWDXT5T9",
"activitypub"
]
],
"content": "nostr:nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpq6mtxp68k8c3p2sj0wzhagt3kd8ywkvzlkfyt3vrx9cahzfz000vsmvss2n The way I solved this - with sops-nix - is that I put the private host key in a sops-protected file, and configured sops to allow decrypting it with either the ssh host key itself, or my own age key.\n\nThus, I could - temporarily - lift it out when I bootstrapped the host, and once bootstrapped (with nixos-anywhere), it's stored on the host, outside of the nix store.\n\nIf I need to bring up a new VM, or a fresh install, I'll inject the host key out of band.",
"sig": "754a93ac6e354b50b9266ab40b45e8e6268d4f7621fe8f35c9d32e9384c794681aea1f17c61ded495403606190bb9e418f7de808460bfb56f3b84bff8615473b"
}