Add gitleaks precommit hook

2022-02-07 21:26:00 -06:00 · 2022-02-07 21:26:00 -06:00 · 1460f20c92
parent c240e17131
commit 1460f20c92
2 changed files with 20 additions and 1 deletions
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -3,3 +3,7 @@ repos:
  rev: v2.1.0
  hooks:
  - id: forbid-secrets
+- repo: https://github.com/zricethezav/gitleaks
+  rev: v8.2.7
+  hooks:
+    - id: gitleaks
--- a/readme.md
+++ b/readme.md
@ -61,4 +61,19 @@ ansible-playbook -i inventory/hosts.yml ./nuke-k3s-cluster

 ## Setting up Flux

-
+- Install the `flux` CLI on a machine that can `kubectl` into the shiny, new cluster
+  - `paru -S flux-bin`
+  - or `curl -s https://fluxcd.io/install.sh | sudo bash`
+  - https://fluxcd.io/docs/installation/
+- Run the pre-flight check (you must have `~/.kube/config` setup!)
+  - `flux check --pre`
+- Create the `flux-system` namespace
+  - `kubectl create namespace flux-system --dry-run=client -o yaml | kubectl apply -f -`
+- Add the `sops-age` encryption key to the namespace
+  ```bash
+  pass home-k8s-cluster | grep age-secret-key | aws '{printf $2}' | \
+    kubectl --namespace flux-system create secret generic sops-age \
+    --from-file=age.agekey=/dev/stdin
+  ```
+- Install Flux
+  - `kubectl apply --kustomize=