...

author: Gregor Kleen <gkleen@yggdrasil.li> 2023-01-30 12:20:23 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2023-01-30 12:20:23 +0100
commit: cfc871cce6aefaa0ff64619780a807cba761c6b2 (patch)
tree: 965e8276ed36f11698b6c7d6eadab9f88d5f97c5 /.sops.yaml
parent: aa54fe89b98d354d21141c589332ce7950ef2e59 (diff)
download: nixos-cfc871cce6aefaa0ff64619780a807cba761c6b2.tar
nixos-cfc871cce6aefaa0ff64619780a807cba761c6b2.tar.gz
nixos-cfc871cce6aefaa0ff64619780a807cba761c6b2.tar.bz2
nixos-cfc871cce6aefaa0ff64619780a807cba761c6b2.tar.xz
nixos-cfc871cce6aefaa0ff64619780a807cba761c6b2.zip
1 files changed, 39 insertions, 0 deletions
diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 00000000..268904a1
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,39 @@
+keys:
+  - &admin_gkleen 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51
+  - &machine_surtr age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq
+  - &machine_sif age1ure0athvtnaqqw48pe0y3upqdzmkaen9h70yggd9va4hva6avd8qqm6s4d # F1AF20B9511B63F681A14E8D51AEFBCD1DEF68F8
+  - &machine_vidhar age1qffdqvy9arld9zd5a5cylt0n98xhcns5shxhrhwjq5g4qa844ejselaa4l # A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362
+creation_rules:
+  - path_regex: ^hosts/surtr/vpn/surtr\.priv$
+    key_groups:
+      - age: [ *machine_surtr ]
+        pgp: [ *admin_gkleen ]
+  - path_regex: ^hosts/surtr/vpn/sif\.priv$
+    key_groups:
+      - age: [ *machine_sif ]
+        pgp: [ *admin_gkleen ]
+  - path_regex: ^hosts/surtr/email/ca/[^/]+.*$
+    key_groups:
+      - pgp: [ *admin_gkleen ]
+  - path_regex: ^hosts/surtr/vpn/[^/]+.*$
+  - path_regex: ^(.*/)?surtr(-private)?(/.+|\..+)?$
+    key_groups:
+      - age: [ *machine_surtr ]
+        pgp: [ *admin_gkleen ]
+  - path_regex: ^hosts/vidhar/borg/jotnar/ymir$
+    key_groups:
+      - pgp: [ *admin_gkleen ]
+  - path_regex: ^hosts/vidhar/borg/jotnar/[^/]+.*$
+  - path_regex: ^hosts/vidhar/(prometheus|pgbackrest)/ca/[^/]+.*$
+    key_groups:
+      - pgp: [ *admin_gkleen ]
+  - path_regex: ^(.*/)?vidhar(-private)?(/.+|\..+)?$
+    key_groups:
+      - age: [ *machine_vidhar ]
+        pgp: [ *admin_gkleen ]
+  - path_regex: ^(.*/)?sif(-private)?(/.+|\..+)?$
+    key_groups:
+      - age: [ *machine_sif ]
+        pgp: [ *admin_gkleen ]
author	Gregor Kleen <gkleen@yggdrasil.li>	2023-01-30 12:20:23 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2023-01-30 12:20:23 +0100
commit	cfc871cce6aefaa0ff64619780a807cba761c6b2 (patch)
tree	965e8276ed36f11698b6c7d6eadab9f88d5f97c5 /.sops.yaml
parent	aa54fe89b98d354d21141c589332ce7950ef2e59 (diff)
download	nixos-cfc871cce6aefaa0ff64619780a807cba761c6b2.tar nixos-cfc871cce6aefaa0ff64619780a807cba761c6b2.tar.gz nixos-cfc871cce6aefaa0ff64619780a807cba761c6b2.tar.bz2 nixos-cfc871cce6aefaa0ff64619780a807cba761c6b2.tar.xz nixos-cfc871cce6aefaa0ff64619780a807cba761c6b2.zip

diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 00000000..268904a1 --- /dev/null +++ b/.sops.yaml
@@ -0,0 +1,39 @@
	1	keys:
	2	- &admin_gkleen 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51
	3	- &machine_surtr age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq
	4	- &machine_sif age1ure0athvtnaqqw48pe0y3upqdzmkaen9h70yggd9va4hva6avd8qqm6s4d # F1AF20B9511B63F681A14E8D51AEFBCD1DEF68F8
	5	- &machine_vidhar age1qffdqvy9arld9zd5a5cylt0n98xhcns5shxhrhwjq5g4qa844ejselaa4l # A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362
	6
	7	creation_rules:
	8	- path_regex: ^hosts/surtr/vpn/surtr\.priv$
	9	key_groups:
	10	- age: [ *machine_surtr ]
	11	pgp: [ *admin_gkleen ]
	12	- path_regex: ^hosts/surtr/vpn/sif\.priv$
	13	key_groups:
	14	- age: [ *machine_sif ]
	15	pgp: [ *admin_gkleen ]
	16	- path_regex: ^hosts/surtr/email/ca/[^/]+.*$
	17	key_groups:
	18	- pgp: [ *admin_gkleen ]
	19	- path_regex: ^hosts/surtr/vpn/[^/]+.*$
	20	- path_regex: ^(.*/)?surtr(-private)?(/.+\|\..+)?$
	21	key_groups:
	22	- age: [ *machine_surtr ]
	23	pgp: [ *admin_gkleen ]
	24	- path_regex: ^hosts/vidhar/borg/jotnar/ymir$
	25	key_groups:
	26	- pgp: [ *admin_gkleen ]
	27	- path_regex: ^hosts/vidhar/borg/jotnar/[^/]+.*$
	28	- path_regex: ^hosts/vidhar/(prometheus\|pgbackrest)/ca/[^/]+.*$
	29	key_groups:
	30	- pgp: [ *admin_gkleen ]
	31	- path_regex: ^(.*/)?vidhar(-private)?(/.+\|\..+)?$
	32	key_groups:
	33	- age: [ *machine_vidhar ]
	34	pgp: [ *admin_gkleen ]
	35	- path_regex: ^(.*/)?sif(-private)?(/.+\|\..+)?$
	36	key_groups:
	37	- age: [ *machine_sif ]
	38	pgp: [ *admin_gkleen ]
	39