Update docs

docs/services/sealed-secrets.md

@@ -1,7 +0,0 @@
-# Sealed Secrets
-
-Add the normal helm release for sealed secrets. Place into its own namespace.
-
-## Adding an Existing Certificate
-
-## Explanation of Certificate Rotation

docs/technical/conventions.md

@@ -0,0 +1,6 @@
+# Cluster Conventions
+
+Try and stick to these, so our life is a bit easier.
+
+- Place all components in their own namespace
+- Place all system components into a `*-system` namespace

docs/technical/index.md

@@ -0,0 +1,5 @@
+# Technical Documentation
+
+This is techical documentation on operating services, primarily inteded for me.
+Therefore, it may be incomplete, and make large assumptions about the knowledge of
+the one reading the documentation.

docs/technical/longhorn.md

@@ -0,0 +1,10 @@
+# Longhorn
+
+In cluster storage management. Good for small amounts of data that needs to be
+physically close to the host system, or data that needs to be available regardless
+of the state of the NFS server.
+
+> NOTE
+> 
+> Longhorn is really cool, but I hate using it. It causes so many headaches trying
+> to set it up. Really thankful it exists, but just use an NFS share if you can.

docs/technical/nfs-storage.md

@@ -0,0 +1,34 @@
+# NFS Storage
+
+You will want to make NFS based PV/PVC. Here is a sample one just in case.
+
+```yaml
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: nfs-pv
+  namespace: my-namespace
+spec:
+  capacity:
+    storage: 20Gi
+  accessModes:
+    - ReadWriteMany
+  nfs:
+    path: /path/to/your/nfs/share
+    server: <your-nfs-server-ip>
+```
+
+```yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: nfs-pvc
+  namespace: my-namespace
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: ""
+  resources:
+    requests:
+      storage: 20Gi
+```

docs/technical/nvidia.md

@@ -0,0 +1,21 @@
+# Nvidia Operator
+
+The nvidia operator is responsible for making `gpus` a resource that can be requested 
+by pods, and allowing pods to use the nvidia container runtime (You did run the ansible
+script to install the nvidia container runtime, right?).
+
+Bring over the helmchart release. Put it into its own namespace.
+
+## Verify it worked
+
+To verify it worked, run a describe on a node that has GPUs, such as,
+
+```bash
+kubectl describe node gluttony-gpu
+```
+
+Quicker than reading, check that this has the expected output,
+
+```bash
+kubectl describe node gluttony-gpu | grep nvidia.com
+```

docs/technical/sealed-secrets.md

@@ -0,0 +1,58 @@
+# Sealed Secrets
+
+Add the normal helm release for sealed secrets. Place into its own namespace.
+
+## Adding an Existing Certificate
+
+### Extracting certs
+
+Store secrets in a json format, something of the form,
+
+```json
+{
+  "tls.crt": "ABC123...",
+  "tls.key": "XYZ987..."
+}
+
+```
+
+Both values will be base64 encoded. Something to this effect will get what you want.
+
+```bash
+pass my-secret-key | jq -r '.[tls.crt]' | base64 -d | base64 -d | tee pub-cert.pem
+pass my-secret-key | jq -r '.[tls.key]' | base64 -d | base64 -d | tee private-key.pem
+```
+
+You will know it worked if the outputted keys from `tee` contain the normal headers.
+
+
+### Apply cert into cluster
+
+To apply the cert into the cluster, just make the secret
+
+```bash
+kubectl create secret tls sealed-secrets-key \
+  --cert=pub-cert.pem \
+  --key=private-key.pem \
+  --namespace=sealed-secrets
+```
+
+After that just restart the sealed-secrets pod to make sure it takes up the changes.
+
+```bash
+kubectl rollout restart deployment sealed-secrets -n sealed-secrets
+```
+
+Check the logs of the sealed-secrets pod after restart, and you should 
+see `sealed-secrets-key` registered as a private key in the logs. And thats it!
+
+
+## Explanation of Certificate Rotation
+
+So by default sealed secrets is going to make a tls cert in the `sealed-secrets`
+namespace. Its gonna be something like `sealed-secrets-key<nonce>`. It will generate
+one every 30 days (configurable value).
+
+*All secrets* are valid for decrypting secrets in the git repo. If you want it to decrypt
+older stuff, add the older cert as outlined above.
+

mkdocs.yaml

@@ -13,13 +13,22 @@ nav:
     - Setup Cluster: setup.md
   - User Documentation:
     - Overview: user/index.md
-    - Registering a mail account: user/mailcow.md
-    - Registering an account: user/account.md
-    - Requesting Media: user/request.md
-    - Downloading Media: user/download.md
+    - Accounts:
+      - Registering a mail account: user/mailcow.md
+      - Registering an account: user/account.md
+    - Media:
+      - Requesting Media: user/request.md
+      - Downloading Media: user/download.md
   - Technical:
-    - MetalLB: services/metallb.md
-    - Sealed Secrets: services/sealed-secrets.md
+    - Overview: technical/index.md
+    - Conventions: technical/conventions.md
+    - Infrastructure:
+      - MetalLB: technical/metallb.md
+      - Sealed Secrets: technical/sealed-secrets.md
+      - Nvidia Operator: technical/nvidia.md
+      - Longhorn: technical/longhorn.md
+    - Misc:
+      - NFS: technical/nfs-storage.md
 
 theme:
   name: material