tasks.py: add ssh-to-age to shell and update comments

.sops.yaml

@@ -8,8 +8,7 @@ keys:
   - &ryantm age1d87z3zqlv6ullnzyng8l722xzxwqr677csacf3zf3l28dau7avfs6pc7ay
   - &zimbatm age1jrh8yyq3swjru09s75s4mspu0mphh7h6z54z946raa9wx3pcdegq0x8t4h
   - &zowoq age1m7xhem3qll35d539f364pm6txexvnp6k0tk34d8jxu4ry3pptv7smm0k5n
-# scan new hosts like this:
+# scan new hosts with `scan-age-keys` task
-# $ nix-shell -p ssh-to-age --run 'ssh-keyscan buildXX.nix-community.org | ssh-to-age'
 creation_rules:
   - path_regex: ^secrets.yaml$
     key_groups:

shell.nix

@@ -17,6 +17,7 @@ mkShellNoCC {
     ))
     jq
     sops
+    ssh-to-age
     (python3.withPackages (
       p: [
         p.deploykit

tasks.py

@@ -124,7 +124,7 @@ find . \
 @task
 def scan_age_keys(c, host):
     """
-    Scans for the host key via ssh an converts it to age
+    Scans for the host key via ssh an converts it to age. Use inv scan-age-keys build**.nix-community.org
     """
     import subprocess
 
@@ -133,7 +133,7 @@ def scan_age_keys(c, host):
     )
     print("###### Age keys ######")
     subprocess.run(
-        ["nix", "run", "--inputs-from", ".#", "nixpkgs#ssh-to-age"],
+        ["ssh-to-age"],
         input=proc.stdout,
         check=True,
         text=True,