From 2db6918b2948d74ae774f2bd0fd3992141a3ba2b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=98=9F=E6=9C=88?= <xingyue@shazhou.work>
Date: Wed, 22 Apr 2026 20:40:22 +0800
Subject: [PATCH] fix: decouple 01-ssh-keypair from 03-gitea-tea dependency

Split SSH key setup: generate first, register to Gitea later after tea/cfg are ready
---
 .../references/01-ssh-keypair.md              | 20 +++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/hermes/shazhou-family-onboard/references/01-ssh-keypair.md b/hermes/shazhou-family-onboard/references/01-ssh-keypair.md
index 5dae774..94982c6 100644
--- a/hermes/shazhou-family-onboard/references/01-ssh-keypair.md
+++ b/hermes/shazhou-family-onboard/references/01-ssh-keypair.md
@@ -16,27 +16,35 @@ ls ~/.ssh/id_ed25519.pub 2>/dev/null && cat ~/.ssh/id_ed25519.pub
 ssh-keygen -t ed25519 -C "AGENT_NAME@shazhou.work" -f ~/.ssh/id_ed25519 -N ""
 ```
 
-### 注册到 Gitea
+## 验证
 
-需要有 Gitea 账号（见 03-gitea-tea.md），然后：
+密钥生成后确认文件存在即可：
+
+```bash
+ls -la ~/.ssh/id_ed25519 ~/.ssh/id_ed25519.pub
+```
+
+### 注册到 Gitea（在 03-gitea-tea 和 04-cfg 完成后执行）
+
+拿到 Gitea 账号和 GITEA_TOKEN 后，回来把公钥注册上去：
 
 ```bash
 # 方法一：通过 Gitea Web UI
 # 访问 https://git.shazhou.work/user/settings/keys ，添加公钥
 
-# 方法二：通过 API（需要 token）
+# 方法二：通过 API
 PUBKEY=$(cat ~/.ssh/id_ed25519.pub)
+TOKEN=$(cfg get GITEA_TOKEN)
 curl -s -X POST \
-  -H "Authorization: token $GITEA_TOKEN" \
+  -H "Authorization: token $TOKEN" \
   -H "Content-Type: application/json" \
   "https://git.shazhou.work/api/v1/user/keys" \
   -d "{\"title\": \"$(hostname)\", \"key\": \"$PUBKEY\"}"
 ```
 
-## 验证
+验证 SSH 连接：
 
 ```bash
-# 测试 SSH 连接到 Gitea
 ssh -T git@git.shazhou.work 2>&1
 # 应该返回类似: Hi AGENT_NAME! You've successfully authenticated...
 ```