# Research: VPS Image Migration

## Decision 1: Replace deprecated image generator usage

- **Decision**: Use NixOS's built-in image building workflow (`nixos-rebuild build-image`) for Linode-compatible images.
- **Rationale**: The NixOS manual documents `nixos-rebuild build-image` and lists Linode as a supported image target via `image.modules`, indicating the upstream path for image generation.
- **Alternatives considered**:
  - Keep using nixos-generators (rejected due to deprecation and upstream migration).

## Decision 2: Secure-first secrets bootstrap for vps

- **Decision**: Use a two-phase bootstrap where the vps generates its own age key on first boot, then the host public key is added as a recipient and secrets are re-encrypted before the second deploy.
- **Rationale**: sops-nix supports generating an age key when missing and can use SSH host keys to derive age identities; this avoids embedding private keys in the image or repository.
- **Alternatives considered**:
  - Bake a static age key into the image (rejected for security risk).
  - Ship a fixed SSH host key in the image (rejected for key reuse across hosts).
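The following sops-nix host module is an added example of how the two-phase bootstrap in Decision 2 can be expressed in configuration; it is not code from this research note or from the sops-nix project. The key path `/var/lib/sops-nix/key.txt`, the secrets file `./secrets/vps.yaml`, the secret names and the `secretsReady` switch are assumptions for illustration; `sops.age.generateKey`, `sops.age.keyFile`, `sops.age.sshKeyPaths`, `sops.defaultSopsFile` and `sops.secrets` are real sops-nix options.

```nix
# Added example (not from the original note or sops-nix): a NixOS module for the
# "vps" host that implements the two-phase secrets bootstrap.
#
# Phase 1 (image build / first deploy): secretsReady = false. No secrets are
# declared, so activation does not need to decrypt anything, and sops-nix
# generates a fresh age key at sops.age.keyFile on first boot.
#
# Phase 2 (second deploy): after the host's age public key has been added as a
# recipient in .sops.yaml and the secrets file re-encrypted, set
# secretsReady = true and deploy again.
{ config, lib, ... }:

let
  # Assumed switch; in a real tree this could be a module option instead.
  secretsReady = false;
in
{
  sops = {
    age = {
      # The private identity lives only on the host's persistent disk, never
      # in the image or the repository.
      keyFile = "/var/lib/sops-nix/key.txt";   # assumed path
      # Generate the key on first boot if it does not exist yet.
      generateKey = true;
      # Do not derive the identity from SSH host keys: the image ships no
      # fixed host key (Decision 2, alternatives), so there is nothing stable
      # to derive from at image-build time.
      sshKeyPaths = [ ];
    };

    # Assumed location of the sops-encrypted file in the repository.
    defaultSopsFile = ./secrets/vps.yaml;

    # Only declare secrets once the host is a recipient; otherwise the
    # activation script would fail to decrypt on the first deploy.
    secrets = lib.mkIf secretsReady {
      # Assumed secret names; keys in secrets/vps.yaml.
      "wireguard/private-key" = { };
      "backup/password" = { };
    };
  };
}
```

With the host running the phase-1 configuration, the operator reads the generated recipient on the host with `age-keygen -y /var/lib/sops-nix/key.txt` (the `-y` flag prints the public key for an identity file), adds that `age1...` string to the relevant `creation_rules` entry in `.sops.yaml`, runs `sops updatekeys secrets/vps.yaml` so the file is re-encrypted to the new recipient set, commits, flips `secretsReady` to `true` and deploys a second time. The check worth doing before the second deploy is that the secrets file's `sops.age` metadata lists the new recipient and that the private key never appeared in `git` history or in the built image (e.g. `git log -p -- secrets/` and inspecting the image's `/var/lib/sops-nix` should both come up empty).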