# Setup

Make sure you have `podman` and `podman-compose` installed.

```bash
brew install podman podman-compose
```

Make sure the needed directories exists:

```bash
mkdir -p ./hc_vault/vault_data
mkdir -p ./hc_vault/certs
mkdir -p ./ssl-certs
```

Generate tailscale certs and place them in ssl-certs folder
```bash
tailscale cert <machine-name>.<network-name>

cp ~/Library/Containers/io.tailscale.ipn.macos/Data/<network-name>* ./ 
```

Then rename them to:
- tailscale-cert.crt
- tailscale-key.key

Then generate a self-signed root CA and use it to sign the Vault server cert:
```bash
brew install mkcert nss
			
mkcert -install
            
mkcert -key-file ./hc_vaut/certs/vault.key -cert-file ./hc_cault/certs/vault.crt \
   "*.faun-snapper.ts.net" \
   "faun-snapper.ts.net" \
   127.0.0.1 \
   "localhost" \
   "::1" \
   "vault"
   
# Copy Root CA cert as well
cp "$(mkcert -CAROOT)/rootCA.pem" ./hc_vault/certs/rootCA.pem
```



Then just run

```bash
podman-compose up -d
```