diff --git a/infra/setup_server.sh b/infra/setup_server.sh
index 6b1005f..89a3071 100644
--- a/infra/setup_server.sh
+++ b/infra/setup_server.sh
@@ -144,6 +144,7 @@ fi
 DEPLOY_PUB=$(cat "${DEPLOY_KEY}.pub")
 AGE_PUB=$(grep "public key:" "${AGE_KEY_FILE}" | awk '{print $NF}')
+SERVER_IP=$(hostname -I | awk '{print $1}')
 echo ""
 echo "=================================================================="
@@ -158,25 +159,21 @@ echo " ${AGE_PUB}"
 echo ""
 echo "=================================================================="
 echo ""
-echo " Next steps:"
+echo " Next steps (run from your workstation):"
 echo ""
 echo " 1. Add the SSH deploy key to GitLab:"
 echo " → Repository Settings → Deploy Keys → Add key (read-only)"
 echo ""
-echo " 2. Add the age public key to .sops.yaml on your workstation:"
-echo " creation_rules:"
-echo " - path_regex: \\.env\\.(dev|prod)\\.sops\$"
-echo " age: >-"
-echo " "
-echo " + ${AGE_PUB}"
+echo " 2. Add the server age key to .sops.yaml (comma-separated):"
+echo " age: ,${AGE_PUB}"
 echo ""
-echo " 3. Re-encrypt prod secrets to include the server key:"
+echo " 3. Re-encrypt and push:"
 echo " sops updatekeys .env.prod.sops"
 echo " git add .sops.yaml .env.prod.sops"
 echo " git commit -m 'chore: add server age key'"
 echo " git push"
 echo ""
 echo " 4. Run bootstrap:"
-echo " bash infra/bootstrap_supervisor.sh"
+echo " ssh root@${SERVER_IP} 'bash -s' < infra/bootstrap_supervisor.sh"
 echo ""
 echo "=================================================================="
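Review bot: `hostname -I` lists every configured address in no guaranteed order, so the first field taken by the added `SERVER_IP=` line can be a private, container-bridge or otherwise unroutable address, or empty on a host with no address configured. The value is later printed inside an `ssh root@${SERVER_IP}` command (second hunk), where a wrong address points the operator's root login and the piped bootstrap script at some other host. I would fail early on an empty result, `[ -n "${SERVER_IP}" ] || { echo "could not detect server IP" >&2; exit 1; }`, and let the operator override detection, `SERVER_IP=${SERVER_IP:-$(hostname -I | awk '{print $1}')}`. The surrounding script starts and ends outside the hunk, so whether `set -e` or `pipefail` is in effect is not visible here.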
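Review bot: Step 4 now tells the operator to open a first-time root SSH session to an auto-detected address, `ssh root@${SERVER_IP} 'bash -s' < infra/bootstrap_supervisor.sh`, but the banner gives them nothing to check the host-key prompt against. Since this script already runs on the server and prints the deploy and age public keys, it could also print the host key fingerprint, e.g. `echo "  SSH host key: $(ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub)"`, so the operator can compare it before accepting. Feeding the script on stdin also means `bootstrap_supervisor.sh` cannot prompt on the terminal or locate files relative to its own path; that script is not in this diff, so this needs checking. Separately, the step-2 line prints `age: ,${AGE_PUB}` with nothing before the comma as shown; if a placeholder for the existing recipient was meant there, it is missing.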