feat: start with talos

talos/README.md

@@ -0,0 +1,60 @@
+Change into the directory `$HOME/Documents/home-cluster/talos`
+
+# Required packages
+```bash
+brew install talosctl talhelper sops age
+```
+## Helpful vscode extension
+```bash
+vscode extension @signageos/vscode-sops
+```
+
+# Configure sops and age
+```bash
+# When decrypting a file with the corresponding identity, SOPS will look for a text 
+# file named keys.txt located in a sops subdirectory of your user configuration directory.
+mkdir -p $HOME/Library/Application\ Support/sops/age
+
+# Generate the key pair
+age-keygen -o  $HOME/Library/Application\ Support/sops/age/keys.txt
+```
+
+# talhelper
+## Encryption setup
+Create and copy the following content into your `.sops.yaml`. Replace `YOUR_PULBIC_AGE_KEY` with the public key that you can find in your previously genereted keys.txt.
+
+> [!NOTE]
+> Do not change the indentation!
+
+```yaml
+---
+creation_rules:
+  - age: >-
+      YOUR_PULBIC_AGE_KEY
+```
+
+## talos secret
+Generate and encrypt your new talos secret.
+```bash
+talhelper gensecret > talsecret.sops.yaml
+
+sops -e -i talsecret.sops.yaml
+```
+
+> [!CAUTION]
+> Do not update or change `talsecret.sops.yaml`.
+
+## talhelper environment vars
+Create and encrypt the talenv.yaml to store sensitive data used during `talhelper genconfig`
+```bash
+vi talenv.yaml
+
+sops -e -i talenv.yaml
+```
+
+## talhelper genconfig
+The command `talhelper genconfig` will create a `.gitignore`, `talosconfig` and `CLUSTERNAME_HOSTNAMEs.yaml` under clusterconfig. 
+
+> [!CAUTION]
+> The `.gitignore` contains all genereted files from `talhelper genconfig` because those files contain unencrypted secrets.
+