Update installation guide

INSTALLATION.md

@@ -607,6 +607,10 @@ The resulting file should then look something like this:
   boot.supportedFilesystems = [ "btrfs" ];
   hardware.enableAllFirmware = true;
 
+  # My flake disables password-based SSH authentication.
+  # either set up a key based auth, or uncomment this
+  #services.openssh.settings.PasswordAuthentication = lib.mmkForce true;
+
   nix.settings = {
     max-jobs = 6;
     cores = 6;
@@ -642,6 +646,13 @@ The resulting file should then look something like this:
 }
 ```
 
+> [!WARNING]
+> I'm currently working on making impermanence config in my flake directly. This will mean you will eventually be
+> expected to just enable impermanence through myOptions. Right now, the config above includes `impermanence.nix`
+> that we have enabled earlier. This will work, however note that flakes are a bit stricter with fetchTarball, and
+> require a sha256 hash to be specified. You can specify it, or use the `--impure` flag for now. Once impermanence
+> will be integrated into my flake, it will be handled as an input, and you won't have to worry about anything.
+
 ### Commit and switch
 
 Once you've declared everything, make a commit and run `nix flake check` to make sure you everything checks out,
@@ -659,6 +670,122 @@ Finally, you should now be ready to switch:
 sudo nixos-rebuild switch --flake .
 ```
 
+If everything went well, you should now be left with a system configured to my specification.
+
+### Last steps
+
+Now that you've managed set up my flake, there are a few last steps to take.
+
+First, you will probably now still be in a bash shell, I however use zsh, so you will want to re-login.
+
+### Neovim
+
+> [!WARNING]
+> If you're logged in through SSH, you will need to set up a key based authentication,
+> since password auth for SSH is disabled in my flake.
+
+Once in zsh, another important step to set up neovim. Since I use a custom configuration, which relies on a lot of
+plugins and other utilities, you will want to run neovim in headless mode for the first time, and leave it to install
+all of these automatically:
+
+```shell
+nvim --headless +q
+```
+
+Once this completes, run neovim. Note that you will still see Mason installing a bunch of tools now, which will cause a
+lot of notifications. Don't be alarmed by that, it is normal. Once the notifications stop, the installation process will
+be truly complete. You can then close neovim.
+
+### XDG base dirs
+
+My flake exports various environment variables and does a bunch of other things to force applications into following XDG
+base directory specification and not cluttering `$HOME`.
+
+However, since we used a bunch of applications already, before moving to my flake. There will be a bunch of files or
+directories that already got made. We will need to move these to their appropriate XDG locations, or even delete them
+entirely, if we're not using these applications anymore, or if these applications are capable of automatically
+recreating these directories trivially:
+
+```shell
+rm "$HOME/.nix-defexpr"
+rm "$HOME/.bash_history"
+```
+
+### GPG keys and commit signing
+
+Another important thing is to finish up setting your git commit signing. As you've probably noticed from the myOptions
+config, I have already defined my signing key there, however you will need to import this gpg key manually.
+
+Export your public and private keys with GPG and make them available on this machine. To do so, you can run these
+commands from another machine:
+
+```shell
+gpg --output ./my-key.pub.gpg --armor --export [key-id]
+gpg --output ./my-key.priv.gpg --armor --export-secret-keys [key-id]
+# Now get these files to the new machine
+# you can use sftp, or just a flash drive or whatever other method you prefer
+```
+
+Once the keys are available, run these commands from the new machine:
+
+```shell
+gpg --import ./my-key.pub.gpg
+gpg --import ./my-key.priv.gpg
+```
+
+You might also want to change the trust level for this key, which you can do with:
+
+```shell
+gpg --edit-key [key-id]
+# In the interactive session, run `trust`, select your trust level and finally run `save`
+```
+
+My flake already configured your git to enable commit signing using the key you specified earlier (even though it wasn't
+yet available at that point). Any new commits that you make from now on will be signed
+
+### Git credentials
+
+> [!WARNING]
+> I don't yet have a proper set up for git credentials handled, for now, you can
+> just use the HTTPS based authentication with store credential helper. Like what's
+> described below. This category will however be completely rewritten and moved to
+> SSH keys once I have support for them ready in the flake.
+
+```shell
+git config --local credential.helper "store --file ~/.config/git/git-credentials"
+```
+
+Now, once you run `git push`, you will be asked for a password, which will get stored
+to `~/.config/git/git-credentials` (in plain-text, though the file is protected by file-system permissions, and only the
+owner can read it).
+
+### Push to git
+
+First, let's remove our temporary hack with git local configuration we used to allow us to make commits:
+
+```shell
+git config --local --unset user.name
+git config --local --unset user.email
+```
+
+Now that you have git set up, let's ammend our previous commits, which will recreate it, and this time, git will use our
+global configuration with the gpg keys configured to sign the commits.
+
+The following command will rebase all commits until we reach the `main` branch, from which we branched off, which means
+it will sign all commits in our `temp` branch:
+
+```shell
+git rebase --exec 'git commit --amend --no-edit -n -S' -i main
+```
+
+Now that our commits are signed, we're ready to merge and push:
+
+```shell
+git checkout main
+git rebase temp
+git push
+```
+
 ## Sources / Attribution
 
 - <https://nixos.wiki/wiki/Btrfs>