more notes

README.md

@@ -16,6 +16,11 @@ Connect solely through wireguard to `192.168.1.142` and serve the REST server wi
 
 ## Restic Repos
 
+`/etc/fstab` entry:
+```
+john-nas:/volume1/restic  /mnt/nfs/restic  nfs  nofail,_netdev,x-systemd.automount,x-systemd.idle-timeout=600,timeo=14,retrans=3,hard,tcp,nfsvers=3  0  0
+```
+
 Mounted using a bind mount point in the LXC.
 
 https://pve.proxmox.com/wiki/Linux_Container#_bind_mount_points
@@ -40,8 +45,34 @@ Check the resultant certificate:
 openssl x509 -noout -subject -issuer -ext extendedKeyUsage -ext subjectAltName -in certs/soteria.crt
 ```
 
+Set up renewal
+
+```bash
+sudo ./scripts/install_services.sh
+```
+
+Test renewal
+
+```
+systemctl start cert-renewer.service && \
+systemctl status cert-renewer.service --no-pager && \
+
+```
+
 ## Clients
 
+To set up a client, run the following command. It will prompt for the provisioner password and the repository name.
+
+```bash
+curl -sL https://gitea.john-stream.com/john/soteria/raw/branch/main/scripts/setup_client.sh | bash
+```
+
+```bash
+curl -sL https://gitea.john-stream.com/john/soteria/raw/branch/main/scripts/check_status.sh | bash
+```
+
+### Manual Setup
+
 Set up provisioner password by running this and pasting in the current JWK provisioner password for `admin`
 
 ```

docker-compose.yml

@@ -1,6 +1,7 @@
 services:
   rest-server:
     image: restic/rest-server
+    container_name: restic
     restart: unless-stopped
     volumes:
       - /mnt/restic:/data
@@ -9,6 +10,7 @@ services:
 
   caddy:
     image: caddy:alpine
+    container_name: caddy
     restart: unless-stopped
     ports:
       - "443:443"
@@ -18,4 +20,4 @@ services:
       - ./certs/soteria.key:/certs/soteria.key:ro
       - ${HOME}/.step/certs/root_ca.crt:/certs/root_ca.crt:ro
     depends_on:
-      - rest-server
+      - rest-server