#+TITLE: Gcloud

* Initial setup
First we need to create a service account, with:
#+begin_src sh
gcloud --project fcuny-homelab iam service-accounts create world-nix
#+end_src

Next we need to bind the new policy:
#+begin_src sh
gcloud projects add-iam-policy-binding fcuny-homelab --member="serviceAccount:world-nix@fcuny-homelab.iam.gserviceaccount.com" --role="roles/accessapproval.configEditor"
#+end_src

Note: I had to add DNS administrator in the console, I don't know what I need to add to this command.

Finally we need the key:
#+begin_src sh
gcloud iam service-accounts keys create world-nix.json --iam-account=world-nix@fcuny-homelab.iam.gserviceaccount.com
#+end_src

This will create a file name =world-nix.json=. It's best to encrypt it with =age= and move it under the =secrets= directory for a host.