README: document missing files
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
This commit is contained in:
parent
7bbeec490a
commit
b4eb83df6e
26
README
26
README
|
@ -6,6 +6,32 @@ $ ./autogen.sh && ./configure && make
|
|||
You can also check the configure option for configuring it for testing
|
||||
on another infrastructure (for instance by using another domain).
|
||||
|
||||
To build an image you will also need at least id_ed25519.pub and
|
||||
signing-key.pub:
|
||||
|
||||
- id_ed25519.pub can be genreated with the ssh-keygen -t ed25519
|
||||
command. See the ssh-keygen manual ('man 1 ssh-keygen') for more
|
||||
details. If you're not confortable with that, backup your ~/.ssh
|
||||
folder first.
|
||||
|
||||
- signing-key.pub can be generated with the 'guix archive
|
||||
--generate-key' command. See the "Invoking guix archive" in the
|
||||
Guix manual for more details[1].
|
||||
https://guix.gnu.org/en/manual/en/guix.html#Invoking-guix-archive
|
||||
|
||||
Other files are optional:
|
||||
|
||||
- id_ed25519: It is used for guix deploy. It is also generated by
|
||||
ssh-keygen. A good idea is to have a symlink to it in order not to
|
||||
have scp copy it to the target machine by mistake as it is the SSH
|
||||
private key. Using separate SSH keys for separate machines also help
|
||||
limiting the damage when such accident happen.
|
||||
|
||||
- id_wireguard: This is the wireguard private key. It can be generated
|
||||
with the 'wg genkey > id_wireguard' command. See the wg manual ('man
|
||||
8 wg') for more detail.
|
||||
|
||||
|
||||
Note that letsencrypt has a limit of about 5 certificates per week, so
|
||||
it's a good idea to use test domains before deployments.
|
||||
|
||||
|
|
Loading…
Reference in New Issue