I’m using sops-nix to handle my secrets, and I’m getting a bit confused about how to handle setting up new hosts, and restoring old hosts if they’ve been wiped for whatever reason. How does everyone else set this up?
I was intending to use nixos-anywhere to automate installations and copy over any needed secrets, and using SSH host keys for encryption. I need to have secrets during installation, because I want to setup my user with its password and disk encryption.