From 1460f20c9256182c6f71525c9938bd1b7e8d83c8 Mon Sep 17 00:00:00 2001 From: Daniel Flanagan Date: Mon, 7 Feb 2022 21:26:00 -0600 Subject: [PATCH] Add gitleaks precommit hook --- .pre-commit-config.yaml | 4 ++++ readme.md | 17 ++++++++++++++++- 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index aa40202..b3fa90c 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -3,3 +3,7 @@ repos: rev: v2.1.0 hooks: - id: forbid-secrets +- repo: https://github.com/zricethezav/gitleaks + rev: v8.2.7 + hooks: + - id: gitleaks diff --git a/readme.md b/readme.md index b7b0322..813b843 100644 --- a/readme.md +++ b/readme.md @@ -61,4 +61,19 @@ ansible-playbook -i inventory/hosts.yml ./nuke-k3s-cluster ## Setting up Flux -- +- Install the `flux` CLI on a machine that can `kubectl` into the shiny, new cluster + - `paru -S flux-bin` + - or `curl -s https://fluxcd.io/install.sh | sudo bash` + - https://fluxcd.io/docs/installation/ +- Run the pre-flight check (you must have `~/.kube/config` setup!) + - `flux check --pre` +- Create the `flux-system` namespace + - `kubectl create namespace flux-system --dry-run=client -o yaml | kubectl apply -f -` +- Add the `sops-age` encryption key to the namespace + ```bash + pass home-k8s-cluster | grep age-secret-key | aws '{printf $2}' | \ + kubectl --namespace flux-system create secret generic sops-age \ + --from-file=age.agekey=/dev/stdin + ``` +- Install Flux + - `kubectl apply --kustomize=
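Review bot: In the `.pre-commit-config.yaml` hunk, `rev: v8.2.7` pins gitleaks to a tag, and a tag can be moved upstream after review. Setting `rev` to the full commit hash behind that tag keeps the hook code fixed to what was checked. The hook also runs only on machines where `pre-commit install` has been done, so running the same gitleaks scan in CI would cover commits made without it.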
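Review bot: In the `readme.md` hunk, the `sops-age` step pipes through `aws '{printf $2}'`, which looks like a typo for `awk`. As written, the key extracted by `grep age-secret-key` never reaches `kubectl ... --from-file=age.agekey=/dev/stdin`. Suggest `awk '{printf "%s", $2}'`, which also stops the key being used as the printf format string. In the same hunk, `curl -s https://fluxcd.io/install.sh | sudo bash` runs an unreviewed remote script as root. Consider leading with the package install or the linked installation docs, or documenting a download, inspect, then run sequence. The Flux setup steps are also not mentioned in the subject "Add gitleaks precommit hook"; a separate commit or a body line would make the history easier to follow.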