home-cluster/talos/README.md
2025-05-06 01:04:44 +02:00


All commands below are run from the directory `$HOME/Documents/home-cluster/talos`.

## Required packages

```shell
brew install talosctl talhelper sops age
```

## Helpful VS Code extension

VS Code extension `@signageos/vscode-sops`

## Configure sops and age

```shell
# When decrypting a file with the corresponding identity, SOPS looks for a text
# file named keys.txt in the sops/age subdirectory of your user configuration
# directory (on macOS: $HOME/Library/Application Support).
mkdir -p $HOME/Library/Application\ Support/sops/age

# Generate the key pair; the header of keys.txt also records the public key
age-keygen -o $HOME/Library/Application\ Support/sops/age/keys.txt
```

## talhelper

### Encryption setup

Create a `.sops.yaml` with the following content. Replace `YOUR_PUBLIC_AGE_KEY` with the public key from the previously generated `keys.txt` (the `# public key:` line).

> **Note:** Do not change the indentation!

```yaml
---
creation_rules:
  - age: >-
      YOUR_PUBLIC_AGE_KEY
```

### talos secret

Generate and encrypt your new talos secret.

```shell
talhelper gensecret > talsecret.sops.yaml

sops -e -i talsecret.sops.yaml
```

> **Caution:** Do not update or change `talsecret.sops.yaml`.

### talhelper environment vars

Create and encrypt `talenv.yaml`, which stores the sensitive data used during `talhelper genconfig`.

```shell
vi talenv.yaml

sops -e -i talenv.yaml
```

### talhelper genconfig

The command `talhelper genconfig` creates a `.gitignore`, a `talosconfig` and one `CLUSTERNAME_HOSTNAME.yaml` per node under `clusterconfig`.

> **Caution:** The `.gitignore` lists all files generated by `talhelper genconfig`, because those files contain unencrypted secrets.
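The encryption setup and the caution above boil down to two invariants: `.sops.yaml` must list the public key from `keys.txt`, and `talsecret.sops.yaml` and `talenv.yaml` must be SOPS ciphertext before they are committed. The following pre-commit style check is an added example, not part of the home-cluster repo; the file names are the README's, the script name and the default key path are assumptions.

```shell
#!/bin/sh
# Added check for the setup above; not part of the home-cluster repo.
# Verifies that .sops.yaml lists the public key from keys.txt and that
# talsecret.sops.yaml and talenv.yaml are SOPS ciphertext before a commit.
# File names are the README's; the script name and key path are assumptions.

# Print the public key that age-keygen writes into the header of keys.txt.
age_public_key() {
  sed -n 's/^# public key: //p' "$1" | head -n 1
}

# Succeed when the creation rule lists the recipient literally; this catches
# a forgotten YOUR_PUBLIC_AGE_KEY placeholder as well as a mistyped key.
sops_rule_has_recipient() {
  grep -qF -- "$2" "$1"
}

# Succeed when a file carries SOPS ciphertext: a top-level `sops:` metadata
# block, an age recipient, and at least one ENC[AES256_GCM,...] value.
is_sops_encrypted() {
  [ -f "$1" ] || return 1
  grep -q '^sops:' "$1" || return 1
  grep -q 'recipient: age1' "$1" || return 1
  grep -q 'ENC\[AES256_GCM,' "$1"
}

# Check one talos directory; returns 0 only when everything is in order.
check_talos_dir() {
  dir="$1"; keys="$2"; rc=0
  pub=$(age_public_key "$keys")
  if [ -z "$pub" ]; then
    echo "no '# public key:' line in $keys"; return 1
  fi
  sops_rule_has_recipient "$dir/.sops.yaml" "$pub" \
    || { echo ".sops.yaml does not list $pub"; rc=1; }
  for f in talsecret.sops.yaml talenv.yaml; do
    is_sops_encrypted "$dir/$f" \
      || { echo "$f is missing or still plaintext: do not commit it"; rc=1; }
  done
  return $rc
}

# Usage: sh check-talos-secrets.sh TALOS_DIR [KEYS_TXT]
if [ $# -gt 0 ]; then
  check_talos_dir "$1" "${2:-$HOME/Library/Application Support/sops/age/keys.txt}"
fi
```

Run it as `sh check-talos-secrets.sh $HOME/Documents/home-cluster/talos`; a non-zero exit means a placeholder was left in `.sops.yaml` or one of the secret files is still plaintext.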

### talconfig.yaml

Create a `talconfig.yaml`. Take inspiration from the talhelper template and the configuration parameters.

```shell
vi talconfig.yaml
```