# Setup

Make sure you have `podman` and `podman-compose` installed.

```bash
brew install podman podman-compose
```

Make sure the needed directories exist:

```bash
mkdir -p ./hc_vault/vault_data
mkdir -p ./hc_vault/certs
mkdir -p ./ssl-certs
```

Generate Tailscale certs and place them in the `ssl-certs` folder:

```bash
tailscale cert <machine-name>.<network-name>

# Copy the generated cert and key into the ssl-certs folder
cp ~/Library/Containers/io.tailscale.ipn.macos/Data/<machine-name>.<network-name>.* ./ssl-certs/
```

Then rename them to:

- `tailscale-cert.crt`
- `tailscale-key.key`

Then generate a self-signed root CA and use it to sign the Vault server cert:

```bash
brew install mkcert nss

# Create the local root CA and add it to the system trust store
mkcert -install

# Issue the Vault server cert, signed by that root CA
mkcert -key-file ./hc_vault/certs/vault.key -cert-file ./hc_vault/certs/vault.crt \
  "*.faun-snapper.ts.net" \
  "faun-snapper.ts.net" \
  127.0.0.1 \
  "localhost" \
  "::1" \
  "vault"

# Copy Root CA cert as well (only the public cert; rootCA-key.pem stays in the CAROOT)
cp "$(mkcert -CAROOT)/rootCA.pem" ./hc_vault/certs/rootCA.pem
```
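
A pre-flight check for the certificate files written above, as an added example that is not part of the original README. It assumes `openssl` is on the `PATH`; the function names are hypothetical and the paths default to the `./hc_vault/certs` layout used here.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks for the files the mkcert step writes.
# Function names are hypothetical; paths follow this README's layout.

# Succeeds if the certificate chains to the given root CA.
cert_chains_to() {  # usage: cert_chains_to <ca.pem> <cert.crt>
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds if the certificate lists <name> as a DNS or IP subjectAltName.
# openssl prints IPv6 entries in expanded form, so "::1" will not match here.
cert_has_san() {  # usage: cert_has_san <cert.crt> <name>
  openssl x509 -in "$1" -noout -text 2>/dev/null \
    | grep -A1 'Subject Alternative Name' \
    | tr ',' '\n' | sed 's/^ *//; s/ *$//' \
    | grep -qxF -e "DNS:$2" -e "IP Address:$2"
}

# Succeeds if the private key and the certificate carry the same public key.
key_matches_cert() (  # usage: key_matches_cert <key> <cert>; runs in a subshell
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || exit 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || exit 1
  [ -n "$k" ] && [ "$k" = "$c" ]
)

# Runs every check against a certs directory and reports each failure.
preflight() {  # usage: preflight [certs-dir]
  dir=${1:-./hc_vault/certs}; rc=0
  cert_chains_to "$dir/rootCA.pem" "$dir/vault.crt" \
    || { echo "FAIL: vault.crt does not chain to rootCA.pem"; rc=1; }
  key_matches_cert "$dir/vault.key" "$dir/vault.crt" \
    || { echo "FAIL: vault.key does not match vault.crt"; rc=1; }
  for san in vault localhost 127.0.0.1; do
    cert_has_san "$dir/vault.crt" "$san" \
      || { echo "FAIL: vault.crt has no SAN for $san"; rc=1; }
  done
  # The CA private key must stay in the mkcert CAROOT, not beside the server cert.
  [ ! -e "$dir/rootCA-key.pem" ] \
    || { echo "FAIL: rootCA-key.pem found in $dir"; rc=1; }
  [ "$rc" -eq 0 ] && echo "OK: $dir passes pre-flight checks"
  return "$rc"
}

# Run against the README layout when the files are present.
if [ -f ./hc_vault/certs/vault.crt ]; then preflight || exit 1; fi
```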

Then just run:

```bash
podman-compose up -d
```