updates...
@ -1,9 +1,22 @@
# NAxS Homelab
Prerequisites:
- Create a default network called homelab
## Prerequisites
0. Make sure that your user is part of the docker group
- `cat /etc/group | grep docker` - if the entry looks like `docker:x:<Group ID>:<username>`, you're good to go
- Otherwise please run `sudo usermod -aG docker <username>`, followed by logging out & in again for these changes to take into effect
1. Create a default network called homelab
```
docker network create homelab
```
2. Set up 1Password for access to secrets
- Install `pass` & `gpg`
- Generate key with `gpg --full-generate-key`
- stick to defaults
- as password, use `GPG cert password` stored inside the `NAxS Homelab` vault in 1Password
- Initialize password storage with `pass init "GPG key ID"`
- You can check out the ID by using `gpg --list-secret-keys --keyid-format LONG` - you should see a line with `sec`, containing the following information `<encryption technology>/ID`
- Store the 1Password service account token in `pass` as `op-sa_token` by executing `pass insert op-sa_token`
- Make sure your .zshrc file loads the token into the `OP_SERVICE_ACCOUNT_TOKEN` (this is needed by the 1Password CLI for authentication purposes when loading the secrets) environment variable by executing `export OP_SERVICE_ACCOUNT_TOKEN="$(pass op-sa_token)"`
// TODO: Create template script
Template script which helps with setting up new applications (asks for potential secrets needs, adds default network to compose file, creates new users/groups to run containers rootless)
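Review bot: The last bullet of step 2 puts `export OP_SERVICE_ACCOUNT_TOKEN="$(pass op-sa_token)"` into `.zshrc`, which decrypts the service account token on every interactive shell start and leaves it in the environment of every process launched from that shell; consider a small wrapper function that sets the variable only for the 1Password CLI call. The same bullet says "by executing", which reads as running the export once in the current session rather than adding the line to `.zshrc`, so state which is meant. Step 2 is titled "Set up 1Password" but only lists installing `pass` and `gpg`; the 1Password CLI that consumes the token has no install step. In step 0, `cat /etc/group | grep docker` matches any line containing "docker"; `getent group docker` or `id -nG <username>` is a more direct check, and it is worth a sentence that membership in the `docker` group is root-equivalent on the host, since the TODO at the end aims at rootless containers. The `// TODO:` line will render as literal text in Markdown, so a tracked issue or a task-list item would serve better.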