From cfc871cce6aefaa0ff64619780a807cba761c6b2 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Mon, 30 Jan 2023 12:20:23 +0100
Subject: ...
---
.sops.yaml | 39 +++++++++++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
create mode 100644 .sops.yaml
(limited to '.sops.yaml')
diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 00000000..268904a1
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,39 @@
+keys:
+ - &admin_gkleen 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51
+ - &machine_surtr age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq
+ - &machine_sif age1ure0athvtnaqqw48pe0y3upqdzmkaen9h70yggd9va4hva6avd8qqm6s4d # F1AF20B9511B63F681A14E8D51AEFBCD1DEF68F8
+ - &machine_vidhar age1qffdqvy9arld9zd5a5cylt0n98xhcns5shxhrhwjq5g4qa844ejselaa4l # A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362
+
+creation_rules:
+ - path_regex: ^hosts/surtr/vpn/surtr\.priv$
+ key_groups:
+ - age: [ *machine_surtr ]
+ pgp: [ *admin_gkleen ]
+ - path_regex: ^hosts/surtr/vpn/sif\.priv$
+ key_groups:
+ - age: [ *machine_sif ]
+ pgp: [ *admin_gkleen ]
+ - path_regex: ^hosts/surtr/email/ca/[^/]+.*$
+ key_groups:
+ - pgp: [ *admin_gkleen ]
+ - path_regex: ^hosts/surtr/vpn/[^/]+.*$
+ - path_regex: ^(.*/)?surtr(-private)?(/.+|\..+)?$
+ key_groups:
+ - age: [ *machine_surtr ]
+ pgp: [ *admin_gkleen ]
+ - path_regex: ^hosts/vidhar/borg/jotnar/ymir$
+ key_groups:
+ - pgp: [ *admin_gkleen ]
+ - path_regex: ^hosts/vidhar/borg/jotnar/[^/]+.*$
+ - path_regex: ^hosts/vidhar/(prometheus|pgbackrest)/ca/[^/]+.*$
+ key_groups:
+ - pgp: [ *admin_gkleen ]
+ - path_regex: ^(.*/)?vidhar(-private)?(/.+|\..+)?$
+ key_groups:
+ - age: [ *machine_vidhar ]
+ pgp: [ *admin_gkleen ]
+ - path_regex: ^(.*/)?sif(-private)?(/.+|\..+)?$
+ key_groups:
+ - age: [ *machine_sif ]
+ pgp: [ *admin_gkleen ]
+
-- cgit v1.2.3
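Review bot: The two rules that have no `key_groups` (`^hosts/surtr/vpn/[^/]+.*$` and `^hosts/vidhar/borg/jotnar/[^/]+.*$`) are undocumented, although the recipient separation in this file appears to depend on them and on rule order, since sops uses the first `path_regex` that matches. They read as deliberate stop rules that keep any other file under those directories from falling through to the broad `surtr`/`vidhar` machine rules and being encrypted to that host's own age key; if that is the intent, state it beside each one, e.g. `# no key_groups on purpose: nothing else under hosts/surtr/vpn/ may fall through to the surtr machine rule below`. The same ordering caveat applies to the three catch-all patterns: a path containing both a `surtr` and a `sif` component resolves to whichever rule comes first, so a short comment above `creation_rules:` saying that order is significant would protect later edits. It is also worth confirming that the sops version in use refuses to encrypt a file matched by a keyless rule rather than taking recipients from somewhere else.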