docs: some documentation

2 files changed, 28 insertions, 0 deletions

diff --git a/cmd/dnsupdate/README.org b/cmd/dnsupdate/README.org
new file mode 100644
index 0000000..a80e407
--- /dev/null
+++ b/cmd/dnsupdate/README.org
@@ -0,0 +1,7 @@
+#+TITLE: dnsupdate
+
+Utility to update the managed zone for =fcuny.xyz= in Google Cloud.
+
+I use the domain =fcuny.xyz= to run a number of services on an IP provided by Tailscale. I don't want these domains to be visible on the web, but I also want to have a valid HTTPS certificate for them. By having a proper DNS I can use ACME to get the certificates, without making them available.
+
+Instead of updating the subdomains through the [[https://console.cloud.google.com/net-services/dns/zones/fcuny-xyz/details?project=fcuny-homelab][console]], I can now run this program.
diff --git a/docs/gcloud.org b/docs/gcloud.org
new file mode 100644
index 0000000..95e7531
--- /dev/null
+++ b/docs/gcloud.org
@@ -0,0 +1,21 @@
+#+TITLE: Gcloud
+
+* Initial setup
+First we need to create a service account, with:
+#+begin_src sh
+gcloud --project fcuny-homelab iam service-accounts create world-nix
+#+end_src
+
+Next we need to bind the new policy:
+#+begin_src sh
+gcloud projects add-iam-policy-binding fcuny-homelab --member="serviceAccount:world-nix@fcuny-homelab.iam.gserviceaccount.com" --role="roles/accessapproval.configEditor"
+#+end_src
+
+Note: I had to add DNS administrator in the console, I don't know what I need to add to this command.
+
+Finally we need the key:
+#+begin_src sh
+gcloud iam service-accounts keys create world-nix.json --iam-account=world-nix@fcuny-homelab.iam.gserviceaccount.com
+#+end_src
+
+This will create a file name =world-nix.json=. It's best to encrypt it with =age= and move it under the =secrets= directory for a host.