diff --git a/README.md b/README.md index 26ca1d1..ad82e0e 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,10 @@ Soteria: https://en.wikipedia.org/wiki/Soteria_(mythology) > In Greek mythology, Soteria (Greek: Σωτηρία) was the goddess or spirit (daimon) of safety and salvation, deliverance, and preservation from harm +## Intent + +Connect solely through wireguard to `192.168.1.142` and serve the REST server with a certificate signed by Janus. + ## Restic REST Server [restic / **rest-server**](https://github.com/restic/rest-server) @@ -14,8 +18,31 @@ Soteria: https://en.wikipedia.org/wiki/Soteria_(mythology) [Certificate Renewal](https://smallstep.com/docs/step-ca/renewal/) +Generate a new private key and (public) certificate + ``` -step ca certificate soteria.john-stream.com foo.crt foo.key --provisioner admin +step ca certificate soteria.john-stream.com certs/foo.crt certs/foo.key --provisioner admin +``` + +Check certificate +``` +openssl x509 -in certs/foo.crt -noout -subject -issuer -ext extendedKeyUsage +``` + +``` +cat certs/foo.crt certs/foo.key > $(step path)/certs/soteria.pem +``` + +Add to ~/.bashrc to trust the Janus CA: + +``` +export RESTIC_CACERT=$(step path)/certs/root_ca.crt +``` + +Create a test repo through the rest server: + +``` +restic -r rest:https://soteria.john-stream.com:8443/dev-test --tls-client-cert certs/client_combined.pem init ``` ## Restic Repos 
@@ -27,3 +54,26 @@ https://pve.proxmox.com/wiki/Linux_Container#_bind_mount_points ``` pct set 103 -mp0 /mnt/nfs/restic,mp=/mnt/restic ``` + +## Restic Clients + +Need restic 0.16+ for the env vars `RESTIC_CACERT` and `RESTIC_TLS_CLIENT_CERT` to work. + +``` +export RESTIC_CACERT=$(step path)/certs/root_ca.crt +export RESTIC_TLS_CLIENT_CERT=$(step path)/certs/soteria.pem +``` + +### Installing Latest Binary + +``` +curl -s https://api.github.com/repos/restic/restic/releases/latest | grep tag_name +``` + +``` +wget -O restic.bz2 https://github.com/restic/restic/releases/download/v0.18.1/restic_0.18.1_linux_amd64.bz2 && \ +bunzip2 restic.bz2 && \ +chmod +x restic && \ +sudo mv restic /usr/local/bin/ && \ +restic version +```
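Review bot: In the `## Intent` hunk, "Connect solely through wireguard to `192.168.1.142`" states a restriction that none of the steps added in this change back up. The test command reaches the server at `soteria.john-stream.com:8443`, and nothing documents how that name resolves to the wireguard address or how the REST server is kept off other interfaces. Suggest adding the listen address or firewall rule that enforces it, plus a one-line definition of Janus here, since it is only identified later as "the Janus CA".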
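Review bot: In the Certificate Renewal hunk, the test command passes `--tls-client-cert certs/client_combined.pem`, but no step in the README creates that file; the only combined file written is `$(step path)/certs/soteria.pem`. Either point the command at that file or add the step that produces `client_combined.pem`. The `cat certs/foo.crt certs/foo.key > $(step path)/certs/soteria.pem` line is also the only command without a lead-in sentence, and it writes the private key into a new file with whatever permissions the umask allows. Suggest a sentence saying what the bundle is for, quoting the `$(step path)` substitution, and following it with a `chmod 600` on the result.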
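Review bot: In `### Installing Latest Binary`, the chain from `wget -O restic.bz2` through `sudo mv restic /usr/local/bin/` installs the download as a system binary with no integrity check between fetch and install. Suggest adding a step that verifies the archive against the checksums published with the release before `bunzip2`. The URL is also pinned to `v0.18.1`, while the heading and the preceding `curl ... | grep tag_name` imply the latest tag, so either rename the heading or show how the tag from the first command feeds the second. In the same hunk, `RESTIC_TLS_CLIENT_CERT` points at `soteria.pem`, which the earlier section builds from the certificate issued for `soteria.john-stream.com` together with its private key; if clients are meant to hold their own certificate, the section should say so.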