summaryrefslogtreecommitdiff
path: root/.sops.yaml
blob: 268904a10c97b09aacae772f9c02814eb7a9bc75 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
keys:
  - &admin_gkleen 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51
  - &machine_surtr age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq
  - &machine_sif age1ure0athvtnaqqw48pe0y3upqdzmkaen9h70yggd9va4hva6avd8qqm6s4d # F1AF20B9511B63F681A14E8D51AEFBCD1DEF68F8
  - &machine_vidhar age1qffdqvy9arld9zd5a5cylt0n98xhcns5shxhrhwjq5g4qa844ejselaa4l # A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362

creation_rules:
  - path_regex: ^hosts/surtr/vpn/surtr\.priv$
    key_groups:
      - age: [ *machine_surtr ]
        pgp: [ *admin_gkleen ]
  - path_regex: ^hosts/surtr/vpn/sif\.priv$
    key_groups:
      - age: [ *machine_sif ]
        pgp: [ *admin_gkleen ]
  - path_regex: ^hosts/surtr/email/ca/[^/]+.*$
    key_groups:
      - pgp: [ *admin_gkleen ]
  - path_regex: ^hosts/surtr/vpn/[^/]+.*$
  - path_regex: ^(.*/)?surtr(-private)?(/.+|\..+)?$
    key_groups:
      - age: [ *machine_surtr ]
        pgp: [ *admin_gkleen ]
  - path_regex: ^hosts/vidhar/borg/jotnar/ymir$
    key_groups:
      - pgp: [ *admin_gkleen ]
  - path_regex: ^hosts/vidhar/borg/jotnar/[^/]+.*$
  - path_regex: ^hosts/vidhar/(prometheus|pgbackrest)/ca/[^/]+.*$
    key_groups:
      - pgp: [ *admin_gkleen ]
  - path_regex: ^(.*/)?vidhar(-private)?(/.+|\..+)?$
    key_groups:
      - age: [ *machine_vidhar ]
        pgp: [ *admin_gkleen ]
  - path_regex: ^(.*/)?sif(-private)?(/.+|\..+)?$
    key_groups:
      - age: [ *machine_sif ]
        pgp: [ *admin_gkleen ]