diff --git a/.sops.yaml b/.sops.yaml
index af37a4f..21f2fcc 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -5,4 +5,4 @@ creation_rules:
 # kairos
 age: >-
 age1ntfcrf5fz43da6k9h4um06u8mejjsqg005jm6rwmt9wff949s58qqwx8tv,
- age1uet38mkyg2uacft9tzdfuql6y5vf9d97h4dvfq2fm5gew7rz4usqm3a7tf
+ age1zm48vge8cpu8jwpxqc0tpgrwjqee0amhpmrla0dl8vzh08efu4fqwwcqax
diff --git a/apps/gluetun/secret.yaml b/apps/gluetun/secret.yaml
index 2a04c5c..ee52a5b 100644
--- a/apps/gluetun/secret.yaml
+++ b/apps/gluetun/secret.yaml
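Review bot: Swapping the second `age` recipient in this rule and re-wrapping the files does not appear to rotate the data key: in the `apps/gluetun/secret.yaml` hunk `lastmodified` and `mac` are unchanged context, so only the per-recipient key stanzas were regenerated. The holder of the removed `age1uet…` private key can therefore still decrypt every earlier revision in git history. If that key was retired because it was lost or exposed (the commit does not say), the data key should be rotated with sops's rotate operation and the values inside the secret reissued. Because the recipients sit inside a folded scalar where a comment would become content, I would label them on the existing `# kairos` line, e.g. `# kairos - 1st: <admin workstation key>, 2nd: <cluster sops-age key>` (labels are placeholders to confirm).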
@@ -19,20 +19,20 @@ sops: - recipient: age1ntfcrf5fz43da6k9h4um06u8mejjsqg005jm6rwmt9wff949s58qqwx8tv enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYeHdxWFFlOFZ2d0VwQnJR - dVB6Qk9WSm1ERXlsSFFRazRWVlpIRC8xU1RnCjMyVGpRMUZ4clBwazVLY0FZRDlV - OE8xQnVwQnVSSkkxcWt5RUFCUmtubFUKLS0tIHdxS242Yjg3SGoybU1jV0VxNzY3 - c1ZHNk1RSTdNMUt4SjBqa2NZNmtLVzQKVXmBSA2HTwWLYU4/LAw4FLTacCS4IJKN - SWexKEcxg4bBuMP+GZauhZY5RSK+7IDdshJkXll3TP0iM6ztt6gvXA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkc2Z0Qm0yUDczYVN1b2Y3 + TTFJSSt3Ry9tOUpmM3o1ajdPZThVYXBpZFhzCjRKQ1R0OU1qMHdEV1NXTlE1VzR2 + VTNKaytmR0ZpbCtiRnRkVFhxTm4yckUKLS0tIEtXcXV3V21FSW04azNyNzZwRGls + Y3JsOFZMWVVlN0Y4SURDZ0k2L3VPaDQKvKWVSM8XXEt+rhboqm/p/tSO2Gf7SAUw + T2dUdoIeB/Lpx0+4bD9yRXydsCNcp5RxyQ/8bqc5VRgVta1Jl+g9AA== -----END AGE ENCRYPTED FILE----- - - recipient: age1uet38mkyg2uacft9tzdfuql6y5vf9d97h4dvfq2fm5gew7rz4usqm3a7tf + - recipient: age1zm48vge8cpu8jwpxqc0tpgrwjqee0amhpmrla0dl8vzh08efu4fqwwcqax enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByYzh1MzhidDJhVkx3R3dJ - LzJ3R1VGN1hsbjBkMmo0TGY5REFSQ0s4Vng0CmhGL3FsTm01eUttSUpORkdZT1c4 - TitCNzNYcGxtdkM5SUFLcW5QQ0NxOGcKLS0tIG8zVWlMZEZRVHdtSExaUUFxdHdy - MjJseVM2R2FWM1ZKZjY4azNpaUZva3MKa6NxII3XcJVIhUyzn9aPWs2cLT/YBUR2 - OjCmnosYznV+DxjKeTuXgMK+spvz7WbBzUkcCPTgB9I/NPnuDpDrJA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHb2FSa1d2L0JGbDlyRlp1 + ejZUU082emppOTRlaU1nSVZmVHBOSWV5SHhnCmlpZFV1cnRsME4wdVhvSjJZT0J5 + QWJCTVgxSnowSXFBV3RrR3RtaUhuZmcKLS0tIDFuaXl3NjZBNUhNSEN6Z2hZN2xq + ZDV4bU5VaU9EczhubVlLUTFhQWREaXMKNqUwgOhAu++if1cdGyMRZaGjfjoSxa8L + ZBcKsKlb0btyoCNuZkLQizkmNVe+HnKSfXGq5hce6ADr62+fEVaNlA== -----END AGE ENCRYPTED FILE----- lastmodified: "2025-01-24T20:18:44Z" mac: 
ENC[AES256_GCM,data:cqLdb0hR4KUyxZpkXoezREg5+pLxiD080+AIMKDe4uT8MxNRdBfj7d+e9reCbi4Ev9Z1Os3Ds2B/IaS5xIbiS5xm9b1FhIoOogJkIKY3YbkU2ifnvtrddQua9S3X0/JD/fJ6Dp4OFsS6cIWccahdR9plbMTXW5Ex/MZdiId6oUU=,iv:CDpY2i6QMyvvenGlxvdYYtf4p5RVd/ALndxlDnk/7cQ=,tag:IF7DmCc0tMsLTaIub+c2hQ==,type:str] diff --git a/apps/sonarr/deployment.yaml b/apps/sonarr/deployment.yaml index e2dbb57..1eed61c 100644 --- a/apps/sonarr/deployment.yaml +++ b/apps/sonarr/deployment.yaml @@ -24,6 +24,7 @@ spec: name: gluetun imagePullPolicy: Always securityContext: + privileged: true capabilities: add: ["NET_ADMIN"] ports: diff --git a/kairos-config.yaml b/kairos-config.yaml index 71c2cc7..e634cfc 100644 --- a/kairos-config.yaml +++ b/kairos-config.yaml @@ -2,11 +2,10 @@ install: poweroff: true - image: "docker:gitea.home.joemonk.co.uk/joe/kairos-custom:3" + image: quay.io/kairos/debian:bookworm-standard-amd64-generic-v3.3.0-k3sv1.32.0-k3s1 reset: reboot: true - reset-persistent: true reset-oem: true @@ -32,37 +31,4 @@ stages: - name: "Setup dns" dns: nameservers: - - 192.168.1.1 - - name: "Set samba config" - files: - - path: /etc/samba/smb.conf - permissions: 0644 - owner: 0 - group: 0 - content: | - [global] - workgroup = WORKGROUP - server role = standalone server - map to guest = bad user - - ####### Share Definitions ####### - [data] - comment = Kairos File Server Share - path = /usr/local - browseable = yes - writeable = yes - read only = no - guest ok = yes - force user = root - force group = root - public = yes - - create mask = 777 - force create mode = 777 - security mask = 777 - force security mode = 777 - - directory mask = 0777 - force directory mode = 0777 - directory security mask = 0777 - force directory security mode = 0777 \ No newline at end of file + - 192.168.1.1 \ No newline at end of file diff --git a/readme.md b/readme.md index 8c039e8..54d0ba9 100644 --- a/readme.md +++ b/readme.md 
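Review bot: `privileged: true` on the gluetun container grants every capability and access to host devices, and typically lifts the default seccomp/AppArmor confinement. That makes the `capabilities: add: ["NET_ADMIN"]` entry just below it redundant and means a compromise of this sidecar is effectively root on the node. If the reason is access to `/dev/net/tun` (inferred; the commit does not state it), prefer keeping only `NET_ADMIN` and exposing that single device to the pod, for example through a device plugin. If privileged really is required on this runtime, record why beside it, e.g. `# privileged: required for <reason>; remove once <condition>`. The container spec starts and ends outside this hunk.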
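Review bot: The new `install.image` is referenced by tag only, so the node's base OS becomes whatever that tag resolves to on the day of the install. I would pin the digest of an image you have verified, e.g. `image: "quay.io/kairos/debian:bookworm-standard-amd64-generic-v3.3.0-k3sv1.32.0-k3s1@sha256:<verified-digest>"`, provided the installer accepts digest references (to be confirmed). The old value carried a `docker:` source prefix and quotes that the new one drops, which is worth checking against the installer's expected format. The same hunk removes `reset-persistent: true`, which presumably means a reset now leaves the persistent partition, and any cluster state or secrets on it, in place; a one-line comment such as `# reset keeps the persistent partition on purpose` would make that explicit.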
@@ -12,6 +12,8 @@ The main things we're looking for are the latest debian, standard, amd64, then the versions of kairos (v3.1.1) and k3s (1.30.2). - Burn to usb - Boot from usb, live install and go to the config webui + - If doing the firebat and it doesn't boot into bios or the drive, in grub press `c` then type `fwsetup` to reboot into bios + - Rufus struggles with the image, Ventoy worked perfectly using the live image launch - Add the public keys to the config (from ~/.ssh - `ssh-keygen -t ed25519 -C "joemonk@hotmail.co.uk"`) - Update the image at https://gitea.home.joemonk.co.uk/joe/kairos-custom to the latest kairos image and build it - Update the image in the kairos-config to reflect that build @@ -59,13 +61,11 @@ kubectl create secret generic sops-age \ --from-file=age.agekey=/dev/stdin ``` -Update the encryption with `sops updatekeys`, then delete age.agekey. +Delete age.agekey after sending it to the cluster. +Then update the encryption with `sops updatekeys -y apps/gluetun/secret.yaml`. -TODO - This doesn't appear to work as expected, need to do: - - `sops updatekeys -y apps/gluetun/secret.yaml` - -This should work but is untested (in fish) -`for file in $(grep -lr "sops:"); sops updatekeys -y $file; end` +In fish you can updatekeys in every secret +`for file in $(grep --include="*.yaml" -lr "sops:"); sops updatekeys -y $file; end` ### Using sops