home-cluster/talos/README.md

Change into the directory `$HOME/Documents/home-cluster/talos`

# Required packages
```bash
brew install talosctl talhelper sops age
```
## Helpful vscode extension
```bash
vscode extension @signageos/vscode-sops
```

# Configure sops and age
```bash
# When decrypting a file with the corresponding identity, SOPS will look for a text 
# file named keys.txt located in a sops subdirectory of your user configuration directory.
mkdir -p $HOME/Library/Application\ Support/sops/age

# Generate the key pair
age-keygen -o  $HOME/Library/Application\ Support/sops/age/keys.txt
```

# talhelper
## Encryption setup
Create and copy the following content into your `.sops.yaml`. Replace `YOUR_PULBIC_AGE_KEY` with the public key that you can find in your previously genereted keys.txt.

> [!NOTE]
> Do not change the indentation!

```yaml
---
creation_rules:
  - age: >-
      YOUR_PULBIC_AGE_KEY
```

## talos secret
Generate and encrypt your new talos secret.
```bash
talhelper gensecret > talsecret.sops.yaml

sops -e -i talsecret.sops.yaml
```

> [!CAUTION]
> Do not update or change `talsecret.sops.yaml`.

## talhelper environment vars
Create and encrypt the talenv.yaml to store sensitive data used during `talhelper genconfig`
```bash
vi talenv.yaml

sops -e -i talenv.yaml
```

## talhelper genconfig
The command `talhelper genconfig` will create a `.gitignore`, `talosconfig` and `CLUSTERNAME_HOSTNAMEs.yaml` under clusterconfig. 

> [!CAUTION]
> The `.gitignore` contains all genereted files from `talhelper genconfig` because those files contain unencrypted secrets.

## talconfig.yaml
Create a talconfig.yaml. Take inspiration from the [talhelper template](https://github.com/budimanjojo/talhelper/blob/master/example/talconfig.yaml) and the [configuration parameters](https://budimanjojo.github.io/talhelper/latest/reference/configuration/).

```bash
vi talconfig.yaml
```