README: document missing files

Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
2023-09-19 22:43:49 +02:00 · 2023-09-19 22:43:49 +02:00 · b4eb83df6e
parent 7bbeec490a
commit b4eb83df6e
1 changed files with 26 additions and 0 deletions
--- a/26
+++ b/26
@ -6,6 +6,32 @@ $ ./autogen.sh && ./configure && make
 You can also check the configure option for configuring it for testing
 on another infrastructure (for instance by using another domain).

+To build an image you will also need at least id_ed25519.pub and
+signing-key.pub:
+
+- id_ed25519.pub can be genreated with the ssh-keygen -t ed25519
+  command. See the ssh-keygen manual ('man 1 ssh-keygen') for more
+  details. If you're not confortable with that, backup your ~/.ssh
+  folder first.
+
+- signing-key.pub can be generated with the 'guix archive
+  --generate-key' command.  See the "Invoking guix archive" in the
+  Guix manual for more details[1].
+  https://guix.gnu.org/en/manual/en/guix.html#Invoking-guix-archive
+
+Other files are optional:
+
+- id_ed25519: It is used for guix deploy. It is also generated by
+  ssh-keygen. A good idea is to have a symlink to it in order not to
+  have scp copy it to the target machine by mistake as it is the SSH
+  private key. Using separate SSH keys for separate machines also help
+  limiting the damage when such accident happen.
+
+- id_wireguard: This is the wireguard private key. It can be generated
+  with the 'wg genkey > id_wireguard' command. See the wg manual ('man
+  8 wg') for more detail.
+
+
 Note that letsencrypt has a limit of about 5 certificates per week, so
 it's a good idea to use test domains before deployments.