Try adding gluetun and sops

readme.md

@@ -28,6 +28,34 @@ Host 192.168.1.101
 SSH into the server, and grab the kubeconfig with `sudo cat /etc/rancher/k3s/k3s.yaml`.
 Drop the user and cluster into your config and create a context to have that user and cluster
 
+## age & sops
+
+I use sops with age to encrypt keys etc in git.  
+Before pushing encrypted keys up, we'll need to re-encrypt them with a new key.  
+From a shell with sops and age installed, and an already known key under `$HOME/.config/sops/age/keys.txt` (or `%AppData%\sops\age\keys.txt`), create a new key in this repo `age-keygen -o keys.txt`.
+
+Add that new public key to the `.sops.yaml`, and push the secret key to the cluster with:
+
+```sh
+cat keys.txt |
+kubectl create secret generic sops-age \
+--namespace=flux-system \
+--from-file=keys.txt=/dev/stdin
+```
+
+Update the encryption with `sops updatekeys`, then delete keys.txt.
+
+### Using sops
+
+#### Encrypting
+
+After creating a new secret, run `sops encrypt --in-place ./path/to/secret.yaml`.
+
+#### Editing
+
+You can install the `@signageos/vscode-sops` extension in vscode to automatically decrypt, edit and re-encrypt a secret.  
+Or use `sops edit file.yaml`
+
 ## Flux CD
 
 Install flux and everything in this repo with the following: