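# sops recipient configuration: which age public keys each secrets file is
# encrypted to. Everything listed here is a public recipient (age1...); the
# matching private keys stay on the user machine or host and are never
# committed.
#
# After changing the recipients of a rule, re-encrypt each affected file:
# sops updatekeys <fname>
# Dropping a recipient only affects future encryptions; anything that
# recipient could already read should be treated as known to it and rotated.
keys: # https://github.com/getsops/sops/pull/1123
  user_pbsds: &user_pbsds
    # Create a personal age key if none exists, then print its public recipient:
    # test -s ~/.config/sops/age/keys.txt || ( mkdir -p ~/.config/sops/age; age-keygen -o ~/.config/sops/age/keys.txt >/dev/null ); age-keygen -y ~/.config/sops/age/keys.txt
    - &user_pbsds_sopp age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
    - &user_pbsds_nord age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
  hosts: &hosts
    # Derive a host's age recipient from its ed25519 SSH host public key:
    # ssh host cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
    - &host_sopp age1zvqjaanff7x3f2a7853sd9ylna99khw4x6qfpf6am4yupsc44phsr2vfy3
    - &host_nox age1zh3nmy2a7s2v7g9t7zg56p8sjqwmvqv5s7dn2v22x5nxyl5wfdcsaf5tw7
    - &host_bolle age14d0ahjjk02jyc25hhx9ws333r0yk5e06yf4ys8xhz2um7jp6qqaqfcdksg
    - &host_garp age14qunhxz08gmw5r8ky0ez9rjf9dj3ue9hrzz580gwwj4cms46vd7ss4rutf
    - &host_nord age19xrvt0gjl4fcfjyy62mrl9uuzrq9e0wgemtkykr07ewz7nqn9cwshngel5

# https://github.com/getsops/sops#key-groups
# Each rule has a single key group, so any one listed recipient can decrypt
# the file on its own. sops applies the first rule whose path_regex matches.
# NOTE(review): the patterns are anchored at the end only, so they also match
# deeper paths ending in the same suffix - confirm that is intended.
creation_rules:
  # global: both user keys and every host
  # (the dot is escaped so that only a literal ".yaml" suffix matches,
  # consistent with the per-host rules below)
  - path_regex: secrets/default\.yaml$
    key_groups:
      - age:
          - *user_pbsds_sopp
          - *user_pbsds_nord
          - *host_sopp
          - *host_nox
          - *host_bolle
          - *host_garp
          - *host_nord

  # dns: both user keys plus nox, bolle and garp
  # NOTE(review): host_sopp and host_nord are not recipients here - presumably
  # deliberate least privilege; confirm.
  - path_regex: secrets/dns\.yaml$
    key_groups:
      - age:
          - *user_pbsds_sopp
          - *user_pbsds_nord
          - *host_nox
          - *host_bolle
          - *host_garp

  # sopp only
  - path_regex: secrets/sopp(/[^/]+)?\.yaml$
    key_groups:
      - age:
          - *user_pbsds_sopp
          - *user_pbsds_nord
          - *host_sopp

  # nox only
  - path_regex: secrets/noximilien(/[^/]+)?\.yaml$
    key_groups:
      - age:
          - *user_pbsds_sopp
          - *user_pbsds_nord
          - *host_nox

  # bolle only
  - path_regex: secrets/bolle(/[^/]+)?\.yaml$
    key_groups:
      - age:
          - *user_pbsds_sopp
          - *user_pbsds_nord
          - *host_bolle

  # garp only
  - path_regex: secrets/garp(/[^/]+)?\.yaml$
    key_groups:
      - age:
          - *user_pbsds_sopp
          - *user_pbsds_nord
          - *host_garp

  # nord only
  - path_regex: secrets/nord(/[^/]+)?\.yaml$
    key_groups:
      - age:
          - *user_pbsds_sopp
          - *user_pbsds_nord
          - *host_nord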