config/.sops.yaml

# After changing the recipients below, re-wrap every affected file with:
#   sops updatekeys <fname>
# updatekeys only changes who can decrypt from that point on. Revisions that
# are already in version control stay readable by a removed key, so rotate the
# secret values themselves whenever a key is dropped because it may be exposed.
#
# Only age *public* recipients (age1...) belong in this file.
# see https://github.com/getsops/sops/pull/1123
keys:
  # Personal age recipients.
  # NOTE(review): the list anchor &user_pbsds and the entry &user_pbsds_hm_pvv
  # are not referenced by any creation rule in this file; confirm they are
  # still needed.
  user_pbsds: &user_pbsds
    # Prints the public key, creating the identity first when it is missing:
    # test -s ~/.config/sops/age/keys.txt || ( mkdir -p ~/.config/sops/age; age-keygen -o ~/.config/sops/age/keys.txt >/dev/null ); age-keygen -y ~/.config/sops/age/keys.txt
    - &user_pbsds_sopp age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
    - &user_pbsds_nord age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
    - &user_pbsds_bjarte age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
    - &user_pbsds_hm_pvv age1dws633vckj6aye9y5p0nv867v2y06j6cfeys87rsy6e8nq6dsfyqg0aksk

  # Host recipients, converted from each machine's SSH ed25519 host public key.
  # The matching identity is derived from the host's SSH private host key, so
  # read access to that key on a host is enough to decrypt every file the host
  # is listed for. Check the host's SSH fingerprint before trusting the output
  # of the command below: a wrong recipient here means secrets are encrypted to
  # a key you do not control.
  # NOTE(review): the list anchor &hosts is not referenced in this file.
  hosts: &hosts
    # ssh $(remote-host) cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
    - &host_sopp age1zvqjaanff7x3f2a7853sd9ylna99khw4x6qfpf6am4yupsc44phsr2vfy3
    - &host_nox age1zh3nmy2a7s2v7g9t7zg56p8sjqwmvqv5s7dn2v22x5nxyl5wfdcsaf5tw7
    - &host_bolle age14d0ahjjk02jyc25hhx9ws333r0yk5e06yf4ys8xhz2um7jp6qqaqfcdksg
    - &host_garp age14qunhxz08gmw5r8ky0ez9rjf9dj3ue9hrzz580gwwj4cms46vd7ss4rutf
    - &host_eple age1fha09v5edg88ys45a0u3tpjqfyl29fsy9xaz8xxfy60zjhmas5psfdxynp
    - &host_nord age19xrvt0gjl4fcfjyy62mrl9uuzrq9e0wgemtkykr07ewz7nqn9cwshngel5
    - &host_brumle age1czlqpfdvey2hzgr79skxvtg4stnfawq045l5sl59j0cd9hfuqvlq83v647  # brumlebasse
    - &host_bjarte age13dmsned3exqn2wwwxa465vwmdtfuktk49gpshwtu0ujp94syzq5suj0a9w
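# https://github.com/getsops/sops#key-groups
#
# Every rule uses a single key group, so any one listed recipient can decrypt
# the file on its own; there is no threshold across groups.
#
# sops applies the first rule whose path_regex matches, and the match is an
# unanchored regex search. Each pattern therefore escapes its dot and ends in
# `$`, so a look-alike path (for example a backup copy with an extra suffix)
# does not silently pick up a rule's recipient set. The patterns are not
# anchored with `^` because the form of the path sops matches against is not
# visible from this file.
creation_rules:
  # global
  # Readable by every user key and every host below; compromise of any single
  # one of them exposes this file.
  - path_regex: 'secrets/common\.yaml$'
    key_groups:
      - age:
          - *user_pbsds_sopp
          - *user_pbsds_nord
          - *user_pbsds_bjarte
          - *host_sopp
          - *host_nox
          - *host_bolle
          - *host_garp
          - *host_eple
          - *host_nord
          - *host_brumle
          - *host_bjarte

  # dns
  - path_regex: 'secrets/dns\.yaml$'
    key_groups:
      - age:
          - *user_pbsds_sopp
          - *user_pbsds_nord
          - *user_pbsds_bjarte
          - *host_nox
          - *host_bolle
          - *host_garp
          - *host_eple
          - *host_brumle

  # home-manager
  # User keys only; no host recipient is listed.
  - path_regex: 'secrets/user-pbsds\.yaml$'
    key_groups:
      - age:
          - *user_pbsds_sopp
          - *user_pbsds_nord
          - *user_pbsds_bjarte

  # Per-host files: the three user keys plus exactly one host recipient each.

  # sopp only
  - path_regex: 'hosts/nixos/sopp/secrets\.yaml$'
    key_groups:
      - age:
          - *user_pbsds_sopp
          - *user_pbsds_nord
          - *user_pbsds_bjarte
          - *host_sopp

  # nox only
  - path_regex: 'hosts/nixos/noximilien/secrets\.yaml$'
    key_groups:
      - age:
          - *user_pbsds_sopp
          - *user_pbsds_nord
          - *user_pbsds_bjarte
          - *host_nox

  # bolle only
  - path_regex: 'hosts/nixos/bolle/secrets\.yaml$'
    key_groups:
      - age:
          - *user_pbsds_sopp
          - *user_pbsds_nord
          - *user_pbsds_bjarte
          - *host_bolle

  # garp only
  - path_regex: 'hosts/nixos/garp/secrets\.yaml$'
    key_groups:
      - age:
          - *user_pbsds_sopp
          - *user_pbsds_nord
          - *user_pbsds_bjarte
          - *host_garp

  # eple only
  - path_regex: 'hosts/nixos/eple/secrets\.yaml$'
    key_groups:
      - age:
          - *user_pbsds_sopp
          - *user_pbsds_nord
          - *user_pbsds_bjarte
          - *host_eple

  # nord only
  - path_regex: 'hosts/nixos/nord/secrets\.yaml$'
    key_groups:
      - age:
          - *user_pbsds_sopp
          - *user_pbsds_nord
          - *user_pbsds_bjarte
          - *host_nord

  # bjarte only
  - path_regex: 'hosts/nixos/bjarte/secrets\.yaml$'
    key_groups:
      - age:
          - *user_pbsds_sopp
          - *user_pbsds_nord
          - *user_pbsds_bjarte
          - *host_bjarte

  # brumlebasse only
  - path_regex: 'hosts/nixos/brumlebasse/secrets\.yaml$'
    key_groups:
      - age:
          - *user_pbsds_sopp
          - *user_pbsds_nord
          - *user_pbsds_bjarte
          - *host_brumle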