home-cluster/talos
2025-05-07 10:27:03 +02:00
clusterconfig feat: start with talos 2025-05-06 00:56:54 +02:00
.sops.yaml feat: start with talos 2025-05-06 00:56:54 +02:00
README.md feat: added talos image factory 2025-05-06 23:00:29 +02:00
talconfig.yaml chore: moved patches under controlPlane 2025-05-07 10:27:03 +02:00
talenv.yaml feat: start with talos 2025-05-06 00:56:54 +02:00
talsecret.sops.yaml feat: start with talos 2025-05-06 00:56:54 +02:00

Deploy Talos with the help of talhelper

Required packages

brew install talosctl talhelper sops age

Helpful vscode extension

vscode extension @signageos/vscode-sops

Configure sops and age

# When decrypting a file with the corresponding identity, SOPS will look for a text 
# file named keys.txt located in a sops subdirectory of your user configuration directory.
mkdir -p $HOME/Library/Application\ Support/sops/age

# Generate the key pair
age-keygen -o $HOME/Library/Application\ Support/sops/age/keys.txt

talhelper

Change into the directory $HOME/Documents/home-cluster/talos

Encryption setup

Create the file .sops.yaml and copy the following content into it. Replace YOUR_PUBLIC_AGE_KEY with the public key that you can find in your previously generated keys.txt.

Note

Do not change the indentation!

---
creation_rules:
  - age: >-
      YOUR_PUBLIC_AGE_KEY

talos secret

Generate and encrypt your new talos secret.

talhelper gensecret > talsecret.sops.yaml

sops -e -i talsecret.sops.yaml

Caution

Do not update or change talsecret.sops.yaml.

talhelper environment vars

Create and encrypt the talenv.yaml to store sensitive data used during talhelper genconfig.

vi talenv.yaml

sops -e -i talenv.yaml
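
Added example, not part of this repository: a shell check to run before committing, confirming that talsecret.sops.yaml and talenv.yaml really went through sops -e -i. The function names and the script name are made up for illustration. The check is a heuristic that assumes whole-file encryption, as produced by the .sops.yaml above (no encrypted_regex).

```shell
#!/bin/sh
# Added example, not from this repository: check that the two secret files
# named in this README are SOPS-encrypted before they are committed.

# is_sops_encrypted FILE: exit 0 only if FILE has the top-level "sops:"
# metadata block, at least one ENC[...] value and no plaintext scalar outside
# that block. Heuristic for simple "key: value" and "- value" YAML lines.
is_sops_encrypted() {
  [ -f "$1" ] || return 2
  awk '
    /^sops:/      { meta = 1; insops = 1; next }
    /^[^ \t#-]/   { insops = 0 }            # any other top-level key
    insops || /^---/ || /^[ \t]*#/ || /^[ \t]*$/ { next }
    {
      v = $0
      sub(/^[ \t]*(- )?[ \t]*/, "", v)      # drop indent and list dash
      if (v ~ /^[A-Za-z0-9_.-]+:/)          # drop "key:"
        sub(/^[^:]+:[ \t]*/, "", v)
      if (v == "") next                     # mapping header, no scalar here
      if (v ~ /^ENC\[/) enc++; else plain++
    }
    END { exit !(meta && enc > 0 && plain == 0) }
  ' "$1"
}

# check_talos_secrets DIR: exit 0 only if both files exist and pass the check.
check_talos_secrets() {
  rc=0
  for f in talsecret.sops.yaml talenv.yaml; do
    if is_sops_encrypted "$1/$f"; then
      echo "ok: $f"
    else
      echo "not encrypted or missing: $f" >&2
      rc=1
    fi
  done
  return "$rc"
}

# Usage: sh check-secrets.sh /path/to/home-cluster/talos
if [ "$#" -gt 0 ]; then
  check_talos_secrets "$1"
fi
```

A non-zero exit status means at least one of the two files is missing or still contains plaintext values.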

talhelper genconfig

The command talhelper genconfig will create a .gitignore, talosconfig and CLUSTERNAME_HOSTNAMEs.yaml under clusterconfig.

Caution

The .gitignore lists all files generated by talhelper genconfig because those files contain unencrypted secrets.

talconfig.yaml

Create a talconfig.yaml. Take inspiration from the talhelper template and the configuration parameters.

vi talconfig.yaml

Talos image factory

Visit the website https://factory.talos.dev

  1. Hardware Type: Bare-metal Machine
  2. Choose Talos Linux Version: 1.10.0 (use the latest stable version)
  3. Machine Architecture: amd64
  4. System Extensions:
    1. siderolabs/i915 (intel gpu drivers)
    2. siderolabs/intel-ucode (intel microcode)
  5. Customization: skip
  6. Schematic Ready: Download the iso