From b4eb83df6e4b79d35d921c5957b8ed20fc491ea1 Mon Sep 17 00:00:00 2001 From: Denis 'GNUtoo' Carikli Date: Tue, 19 Sep 2023 22:43:49 +0200 Subject: [PATCH] README: document missing files Signed-off-by: Denis 'GNUtoo' Carikli --- README | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/README b/README index 50492d8..cc74619 100644 --- a/README +++ b/README @@ -6,6 +6,32 @@ $ ./autogen.sh && ./configure && make You can also check the configure option for configuring it for testing on another infrastructure (for instance by using another domain). +To build an image you will also need at least id_ed25519.pub and +signing-key.pub: + +- id_ed25519.pub can be genreated with the ssh-keygen -t ed25519 + command. See the ssh-keygen manual ('man 1 ssh-keygen') for more + details. If you're not confortable with that, backup your ~/.ssh + folder first. + +- signing-key.pub can be generated with the 'guix archive + --generate-key' command. See the "Invoking guix archive" in the + Guix manual for more details[1]. + https://guix.gnu.org/en/manual/en/guix.html#Invoking-guix-archive + +Other files are optional: + +- id_ed25519: It is used for guix deploy. It is also generated by + ssh-keygen. A good idea is to have a symlink to it in order not to + have scp copy it to the target machine by mistake as it is the SSH + private key. Using separate SSH keys for separate machines also help + limiting the damage when such accident happen. + +- id_wireguard: This is the wireguard private key. It can be generated + with the 'wg genkey > id_wireguard' command. See the wg manual ('man + 8 wg') for more detail. + + Note that letsencrypt has a limit of about 5 certificates per week, so it's a good idea to use test domains before deployments.