
# SPDX-FileCopyrightText: 2021-2024 Simon Bruder <simon@sbruder.de>
#
# SPDX-License-Identifier: CC0-1.0
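# Recipient list for sops. Each entry is an OpenPGP fingerprint bound to a YAML
# anchor; the rules under `creation_rules` refer to it by alias. The whole list
# is anchored as `all-keys` and used as-is by the last rule.
keys: &all-keys
  # sops does not (yet) support ADSKs,
  # so all encryption subkeys have to be added manually
  - &simon 6CD375BD0741F67E5A289BC333A01CBE0554C763 # offline
  - &simon-alpha 0C8AF4B4320A511384DF6B5BB9BEFC7CC112A0C0
  - &simon-beta 403215E0F99D2582C7055C512C77841620B8F380
  # No anchor on this entry on purpose: `&nunotaba` is defined further down,
  # and when an anchor name is defined twice the later definition silently
  # wins for every alias that follows it. The key remains a recipient through
  # `*all-keys` only.
  # NOTE(review): confirm which of the two fingerprints the per-machine
  # `*nunotaba` entries are meant to name.
  - 8C5091AEA213FB0642BD46F943EE19743FAC1D5C
  - &hitagi 17FEEBB45E4245330507C960653378F10CA6E00A
  - &vueko 4EA330328CD0D3076E90960194DFA4953D8729DE
  - &fuuko 2372651C56E22972C2D9F3F569C8187C9C43754E
  - &mayushii 23EEDF49AAF1B41DCD1CD10F44A37FA8C15053B3
  - &renge 06a917fc4a2a1b6b0f69a830285075cac85b7035
  - &nunotaba 3176be14f468c6d43ab2206b4f273abccd49806b
  - &okarin e7370b48016c961ef8ad792fda66b19d845b3156
  - &shinobu 28677f2e3584b39f528a779caf445ebb39c882b7
  - &nazuna 0b8be5d87a10a0e68dda97212c4befad1f9e915c
  - &yuzuru a1ee5bc0249163a047440ef2649e770ec6ea16e4
  - &koyomi 1f18a57e1d4e6716aed0e0cd71586b7a4c0c1a65
  - &ci-runner 20e376b89b30327fb82f12e8e8b72d52c3aa39ee
  - &hiroshi 2b9be9660662c6c979ca1149c982bdfd82863d09

# sops applies the FIRST rule whose path_regex matches, so order is part of the
# access policy: per-machine rules come first, the broader patterns last.
# Keep exactly one rule per path; a repeated path_regex lower down is never
# consulted and only hides which recipients are really in effect.
# Editing this file does not re-encrypt anything; existing secrets keep their
# old recipients until they are updated (e.g. with `sops updatekeys`).
creation_rules:
  # Per-machine secrets: the three operator keys plus that machine's own key.
  - path_regex: machines/nunotaba/secrets\.yaml$
    key_groups:
      - pgp:
          - *simon
          - *simon-alpha
          - *simon-beta
          - *nunotaba
  - path_regex: machines/hitagi/secrets\.yaml$
    key_groups:
      - pgp:
          - *simon
          - *simon-alpha
          - *simon-beta
          - *hitagi
  - path_regex: machines/vueko/secrets\.yaml$
    key_groups:
      - pgp:
          - *simon
          - *simon-alpha
          - *simon-beta
          - *vueko
  - path_regex: machines/fuuko/secrets\.yaml$
    key_groups:
      - pgp:
          - *simon
          - *simon-alpha
          - *simon-beta
          - *fuuko
  - path_regex: machines/mayushii/secrets\.yaml$
    key_groups:
      - pgp:
          - *simon
          - *simon-alpha
          - *simon-beta
          - *mayushii
  - path_regex: machines/okarin/secrets\.yaml$
    key_groups:
      - pgp:
          - *simon
          - *simon-alpha
          - *simon-beta
          - *okarin
  - path_regex: machines/renge/secrets\.yaml$
    key_groups:
      - pgp:
          - *simon
          - *simon-alpha
          - *simon-beta
          - *renge
  - path_regex: machines/shinobu/secrets\.yaml$
    key_groups:
      - pgp:
          - *simon
          - *simon-alpha
          - *simon-beta
          - *shinobu
  - path_regex: machines/nazuna/secrets\.yaml$
    key_groups:
      - pgp:
          - *simon
          - *simon-alpha
          - *simon-beta
          - *nazuna
  - path_regex: machines/yuzuru/secrets\.yaml$
    key_groups:
      - pgp:
          - *simon
          - *simon-alpha
          - *simon-beta
          - *yuzuru
  - path_regex: machines/koyomi/secrets\.yaml$
    key_groups:
      - pgp:
          - *simon
          - *simon-alpha
          - *simon-beta
          - *koyomi
  - path_regex: machines/ci-runner/secrets\.yaml$
    key_groups:
      - pgp:
          - *simon
          - *simon-alpha
          - *simon-beta
          - *ci-runner
  - path_regex: machines/hiroshi/secrets\.yaml$
    key_groups:
      - pgp:
          - *simon
          - *simon-alpha
          - *simon-beta
          - *hiroshi
  # Catch-all for any other path ending in `secrets.yaml`. The pattern is not
  # anchored at the start, so it would also match machines/<name>/secrets.yaml
  # if it were moved above the per-machine rules, and it does apply to a
  # machine directory that has no rule of its own. Every key listed here can
  # decrypt those files.
  - path_regex: secrets\.yaml$
    key_groups:
      - pgp:
          - *simon
          - *simon-alpha
          - *simon-beta
          - *nunotaba
          - *hitagi
          - *vueko
          - *fuuko
          - *mayushii
          - *renge
          - *koyomi
          - *hiroshi
  # Encrypted to every entry in `keys`, including ci-runner. Any key added to
  # that list becomes a recipient of this file the next time it is re-keyed.
  - path_regex: secrets/local-mail\.yaml$
    key_groups:
      - pgp: *all-keys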