evolved-npcs-infra/hc_vault
2025-09-27 19:13:52 -07:00

Setup

Make sure you have podman and podman-compose installed.

brew install podman podman-compose

Make sure the needed directories exist:

mkdir -p ./hc_vault/vault_data
mkdir -p ./hc_vault/certs
mkdir -p ./ssl-certs

Generate Tailscale certs and place them in the ssl-certs folder:

tailscale cert <machine-name>.<network-name>

cp ~/Library/Containers/io.tailscale.ipn.macos/Data/<network-name>* ./ssl-certs/

Then rename them to:

  • tailscale-cert.crt
  • tailscale-key.key

Then generate a self-signed root CA and use it to sign the Vault server cert:

brew install mkcert nss

mkcert -install

mkcert -key-file ./hc_vault/certs/vault.key -cert-file ./hc_vault/certs/vault.crt \
   "*.faun-snapper.ts.net" \
   "faun-snapper.ts.net" \
   127.0.0.1 \
   "localhost" \
   "::1" \
   "vault"

# Copy Root CA cert as well
cp "$(mkcert -CAROOT)/rootCA.pem" ./hc_vault/certs/rootCA.pem

Then just run

podman-compose up -d
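
A pre-flight check for the certificate steps above, added here as an example and not part of the repository: it confirms that vault.key is private and belongs to vault.crt, that the certificate chains to rootCA.pem, and that the DNS names clients will use are in the SAN list. The function names and the names passed to `preflight` are assumptions, and the openssl CLI must be installed.

```shell
#!/bin/sh
# Added example (not from the repository): checks for the files produced by the
# mkcert steps above. Requires the openssl CLI. Function names are hypothetical.

# key_is_private FILE: true if FILE exists with no group/other permission bits.
key_is_private() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# key_matches_cert CERT KEY: true if KEY's public half is the key in CERT.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# chains_to_root CERT ROOT: true if CERT verifies with ROOT as the CA file.
chains_to_root() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# has_san CERT NAME: true if NAME is an exact DNS entry in the SAN list.
has_san() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        tr ',' '\n' | sed 's/^ *//' | grep -qxF "DNS:$2"
}

# preflight DIR NAME...: run every check against DIR/vault.{crt,key} and
# DIR/rootCA.pem; returns non-zero if any check fails.
preflight() {
    dir=$1; shift; fail=0
    key_is_private "$dir/vault.key" ||
        { echo "FAIL: vault.key missing or readable by group/other"; fail=1; }
    key_matches_cert "$dir/vault.crt" "$dir/vault.key" ||
        { echo "FAIL: vault.key does not belong to vault.crt"; fail=1; }
    chains_to_root "$dir/vault.crt" "$dir/rootCA.pem" ||
        { echo "FAIL: vault.crt is not signed by rootCA.pem"; fail=1; }
    for name in "$@"; do
        has_san "$dir/vault.crt" "$name" ||
            { echo "FAIL: SAN list lacks DNS:$name"; fail=1; }
    done
    [ "$fail" -eq 0 ] && echo "OK: certificate layout is consistent"
    return "$fail"
}

# Usage, from the repository root:
#   preflight ./hc_vault/certs vault localhost
```

Source the file and call `preflight` before `podman-compose up -d`; a mistyped `-key-file` or `-cert-file` path shows up here as a failed check.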