From 4cef1e6a5340ce5746219a16774468f0ead0a8b7 Mon Sep 17 00:00:00 2001
From: h7x4
Date: Wed, 2 Apr 2025 12:55:24 +0200
Subject: [PATCH] README: create guide to set up new machine
---
 README.md | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)
diff --git a/README.md b/README.md
index d97bb87..4242e25 100644
--- a/README.md
+++ b/README.md
@@ -60,6 +60,52 @@ Re-encrypt sops secrets with new key:
 sops updatekeys secrets/hosts/file.yml
 ```
+## Setting up a new machine
+
+### 1. Move gpg keys to
+
+```console
+# Export on some machine
+gpg --export-secret-keys --armor nani.wtf > ~/SD/gpg_keys.pem
+
+# Import
+gpg --import ~/SD/gpg_keys.pem
+```
+
+### 2. Generating host keys, and converting to age keys for nix-sops host secrets
+
+```console
+# Create host keys
+ssh-keygen -A
+
+# Convert public key to age format
+nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
+
+# Register this key in `.sops.yaml`
+$EDITOR .sops.yaml
+
+# Update keys
+sops updatekeys secrets/common.yaml
+sops updatekeys secrets/$(hostname).yaml # if present
+```
+
+### 3. Creating new ssh key for nix-sops home secrets
+
+```console
+# Create new key
+ssh-keygen -t ed25519 -b 4096 -C "sops-nix home key" -f ~/.ssh/id_ed25519_home_sops -N ''
+
+# Convert public key to age format
+nix-shell -p ssh-to-age --run 'cat ~/.ssh/id_ed25519_home_sops.pub | ssh-to-age'
+
+# Register this key in `.sops.yaml`
+$EDITOR .sops.yaml
+
+# Update keys
+sops updatekeys secrets/common.yaml
+sops updatekeys secrets/home.yaml
+```
+
 [home-manager]: https://github.com/nix-community/home-manager
 [nixos-search]: https://search.nixos.org/options