key:
  # test -s ~/.config/sops/age/keys.txt || ( mkdir -p ~/.config/sops/age; age-keygen -o ~/.config/sops/age/keys.txt >/dev/null ); age-keygen -y ~/.config/sops/age/keys.txt
  - &user_pbsds_sopp age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
  - &user_pbsds_nord age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
  # ssh host cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
  - &host_sopp  age1zvqjaanff7x3f2a7853sd9ylna99khw4x6qfpf6am4yupsc44phsr2vfy3
  - &host_nox   age1zh3nmy2a7s2v7g9t7zg56p8sjqwmvqv5s7dn2v22x5nxyl5wfdcsaf5tw7
  - &host_bolle age14d0ahjjk02jyc25hhx9ws333r0yk5e06yf4ys8xhz2um7jp6qqaqfcdksg
  - &host_garp  age14qunhxz08gmw5r8ky0ez9rjf9dj3ue9hrzz580gwwj4cms46vd7ss4rutf
  - &host_nord  age19xrvt0gjl4fcfjyy62mrl9uuzrq9e0wgemtkykr07ewz7nqn9cwshngel5
creation_rules:
#  # global
#  - path_regex: secrets/default.yaml$
#    key_groups:
#    - age:
#      - *user_pbsds_sopp
#      - *user_pbsds_nord
#      - *host_sopp
#      - *host_nox
#      - *host_bolle
#      - *host_garp
#      - *host_nord
  # sopp only
  - path_regex: secrets/sopp(/[^/]+)?\.yaml$
    key_groups:
    - age:
      - *user_pbsds_sopp
      - *user_pbsds_nord
      - *host_sopp
  # nox only
  - path_regex: secrets/noximilien(/[^/]+)?\.yaml$
    key_groups:
    - age:
      - *user_pbsds_sopp
      - *user_pbsds_nord
      - *host_nox
  # bolle only
  - path_regex: secrets/bolle(/[^/]+)?\.yaml$
    key_groups:
    - age:
      - *user_pbsds_sopp
      - *user_pbsds_nord
      - *host_bolle
  # garp only
  - path_regex: secrets/garp(/[^/]+)?\.yaml$
    key_groups:
    - age:
      - *user_pbsds_sopp
      - *user_pbsds_nord
      - *host_garp
  # nord only
  - path_regex: secrets/nord(/[^/]+)?\.yaml$
    key_groups:
    - age:
      - *user_pbsds_sopp
      - *user_pbsds_nord
      - *host_nord