nixos-config/.sops.yaml

# SPDX-FileCopyrightText: 2021-2024 Simon Bruder <simon@sbruder.de>
#
# SPDX-License-Identifier: CC0-1.0

keys:
  # sops does not (yet) support ADSKs,
  # so all encryption subkeys have to be added manually
  - &simon 6CD375BD0741F67E5A289BC333A01CBE0554C763 # offline
  - &simon-alpha 0C8AF4B4320A511384DF6B5BB9BEFC7CC112A0C0
  - &simon-beta 403215E0F99D2582C7055C512C77841620B8F380
  - &nunotaba 8C5091AEA213FB0642BD46F943EE19743FAC1D5C
  - &hitagi 17FEEBB45E4245330507C960653378F10CA6E00A
  - &vueko 4EA330328CD0D3076E90960194DFA4953D8729DE
  - &fuuko 2372651C56E22972C2D9F3F569C8187C9C43754E
  - &mayushii 23EEDF49AAF1B41DCD1CD10F44A37FA8C15053B3
  - &renge 06a917fc4a2a1b6b0f69a830285075cac85b7035
  - &nunotaba 3176be14f468c6d43ab2206b4f273abccd49806b
  - &okarin e7370b48016c961ef8ad792fda66b19d845b3156
  - &shinobu 28677f2e3584b39f528a779caf445ebb39c882b7
  - &nazuna 0b8be5d87a10a0e68dda97212c4befad1f9e915c
  - &yuzuru a1ee5bc0249163a047440ef2649e770ec6ea16e4
  - &koyomi a53d4ca8d2cf54613822c81d660e69babee42643
  - &ci-runner 20e376b89b30327fb82f12e8e8b72d52c3aa39ee
creation_rules:
  - path_regex: machines/nunotaba/secrets\.yaml$
    key_groups:
    - pgp:
      - *simon
      - *simon-alpha
      - *simon-beta
      - *nunotaba
  - path_regex: machines/hitagi/secrets\.yaml$
    key_groups:
    - pgp:
      - *simon
      - *simon-alpha
      - *simon-beta
      - *hitagi
  - path_regex: machines/vueko/secrets\.yaml$
    key_groups:
    - pgp:
      - *simon
      - *simon-alpha
      - *simon-beta
      - *vueko
  - path_regex: machines/fuuko/secrets\.yaml$
    key_groups:
    - pgp:
      - *simon
      - *simon-alpha
      - *simon-beta
      - *fuuko
  - path_regex: machines/mayushii/secrets\.yaml$
    key_groups:
    - pgp:
      - *simon
      - *simon-alpha
      - *simon-beta
      - *mayushii
  - path_regex: machines/okarin/secrets\.yaml$
    key_groups:
    - pgp:
      - *simon
      - *simon-alpha
      - *simon-beta
      - *okarin
  - path_regex: machines/renge/secrets\.yaml$
    key_groups:
    - pgp:
      - *simon
      - *simon-alpha
      - *simon-beta
      - *renge
  - path_regex: machines/nunotaba/secrets\.yaml$
    key_groups:
    - pgp:
      - *simon
      - *simon-alpha
      - *simon-beta
      - *nunotaba
  - path_regex: machines/shinobu/secrets\.yaml$
    key_groups:
    - pgp:
      - *simon
      - *simon-alpha
      - *simon-beta
      - *shinobu
  - path_regex: machines/nazuna/secrets\.yaml$
    key_groups:
    - pgp:
      - *simon
      - *simon-alpha
      - *simon-beta
      - *nazuna
  - path_regex: machines/yuzuru/secrets\.yaml$
    key_groups:
    - pgp:
      - *simon
      - *simon-alpha
      - *simon-beta
      - *yuzuru
  - path_regex: machines/koyomi/secrets\.yaml$
    key_groups:
    - pgp:
      - *simon
      - *simon-alpha
      - *simon-beta
      - *koyomi
  - path_regex: machines/ci-runner/secrets\.yaml$
    key_groups:
    - pgp:
      - *simon
      - *simon-alpha
      - *simon-beta
      - *ci-runner
  - path_regex: secrets\.yaml$
    key_groups:
    - pgp:
      - *simon
      - *simon-alpha
      - *simon-beta
      - *nunotaba
      - *hitagi
      - *vueko
      - *fuuko
      - *mayushii
      - *renge
      - *koyomi
Relicense This applies the REUSE specification to the repository, so the licensing information can be tracked for every file individually. 2024-01-06 01:19:35 +01:00			`# SPDX-FileCopyrightText: 2021-2024 Simon Bruder <simon@sbruder.de>`
			`#`
			`# SPDX-License-Identifier: CC0-1.0`

Use sops for secrets Since I currently do not have access to sayuri, sayuri’s migration is not done yet. The host keys and wg-home-private-key secret still have to be added. 2021-03-01 15:27:18 +01:00			`keys:`
sops: Switch to new PGP key 2024-01-22 01:30:48 +01:00			`# sops does not (yet) support ADSKs,`
			`# so all encryption subkeys have to be added manually`
			`- &simon 6CD375BD0741F67E5A289BC333A01CBE0554C763 # offline`
			`- &simon-alpha 0C8AF4B4320A511384DF6B5BB9BEFC7CC112A0C0`
			`- &simon-beta 403215E0F99D2582C7055C512C77841620B8F380`
Use sops for secrets Since I currently do not have access to sayuri, sayuri’s migration is not done yet. The host keys and wg-home-private-key secret still have to be added. 2021-03-01 15:27:18 +01:00			`- &nunotaba 8C5091AEA213FB0642BD46F943EE19743FAC1D5C`
sops: Fix hitagi’s name 2024-01-22 01:13:01 +01:00			`- &hitagi 17FEEBB45E4245330507C960653378F10CA6E00A`
vueko: Migrate to new server 2023-04-27 21:08:38 +02:00			`- &vueko 4EA330328CD0D3076E90960194DFA4953D8729DE`
sayuri: Migrate to sops Fixes #38. 2021-04-10 11:58:50 +02:00			`- &fuuko 2372651C56E22972C2D9F3F569C8187C9C43754E`
mayushii: Init 2021-09-30 07:32:03 +02:00			`- &mayushii 23EEDF49AAF1B41DCD1CD10F44A37FA8C15053B3`
renge: Migrate to larger server 2023-12-31 12:54:51 +01:00			`- &renge 06a917fc4a2a1b6b0f69a830285075cac85b7035`
nunotaba: Re-init 2022-06-09 17:38:24 +02:00			`- &nunotaba 3176be14f468c6d43ab2206b4f273abccd49806b`
okarin: Migrate to different VPS Previously, it was hosted on Ionos’s VMware-based infrastructure. I already had a VPS on their new KVM-based infrastructure, as I was planning to migrate okarin to it eventually (as it is cheaper). However, the new infrastructure does not offer PTR records for IPv6 addresses. Therefore, I was waiting until they would implement that feature (as the support promised me they would to in the near future). However, they are now migrating the (at least my) guests from their VMware hypervisors onto the KVM ones, assigning new IPv6 addresses to them. This makes the old VPS essentially the same as the old one, but with less memory and more expensive. So I decided to migrate now. 2023-12-21 15:06:16 +01:00			`- &okarin e7370b48016c961ef8ad792fda66b19d845b3156`
shinobu: Init 2023-07-01 12:37:12 +02:00			`- &shinobu 28677f2e3584b39f528a779caf445ebb39c882b7`
nazuna: Init 2023-10-04 15:15:54 +02:00			`- &nazuna 0b8be5d87a10a0e68dda97212c4befad1f9e915c`
yuzuru: Init 2024-01-02 23:26:46 +01:00			`- &yuzuru a1ee5bc0249163a047440ef2649e770ec6ea16e4`
koyomi: Init 2024-05-11 21:14:17 +02:00			`- &koyomi a53d4ca8d2cf54613822c81d660e69babee42643`
ci-runner: Init 2024-07-19 11:50:11 +02:00			`- &ci-runner 20e376b89b30327fb82f12e8e8b72d52c3aa39ee`
Use sops for secrets Since I currently do not have access to sayuri, sayuri’s migration is not done yet. The host keys and wg-home-private-key secret still have to be added. 2021-03-01 15:27:18 +01:00			`creation_rules:`
			`- path_regex: machines/nunotaba/secrets\.yaml$`
			`key_groups:`
			`- pgp:`
			`- *simon`
sops: Switch to new PGP key 2024-01-22 01:30:48 +01:00			`- *simon-alpha`
			`- *simon-beta`
Use sops for secrets Since I currently do not have access to sayuri, sayuri’s migration is not done yet. The host keys and wg-home-private-key secret still have to be added. 2021-03-01 15:27:18 +01:00			`- *nunotaba`
sops: Fix hitagi’s name 2024-01-22 01:13:01 +01:00			`- path_regex: machines/hitagi/secrets\.yaml$`
sayuri: Migrate to sops Fixes #38. 2021-04-10 11:58:50 +02:00			`key_groups:`
			`- pgp:`
			`- *simon`
sops: Switch to new PGP key 2024-01-22 01:30:48 +01:00			`- *simon-alpha`
			`- *simon-beta`
sops: Fix hitagi’s name 2024-01-22 01:13:01 +01:00			`- *hitagi`
Use sops for secrets Since I currently do not have access to sayuri, sayuri’s migration is not done yet. The host keys and wg-home-private-key secret still have to be added. 2021-03-01 15:27:18 +01:00			`- path_regex: machines/vueko/secrets\.yaml$`
			`key_groups:`
			`- pgp:`
			`- *simon`
sops: Switch to new PGP key 2024-01-22 01:30:48 +01:00			`- *simon-alpha`
			`- *simon-beta`
Use sops for secrets Since I currently do not have access to sayuri, sayuri’s migration is not done yet. The host keys and wg-home-private-key secret still have to be added. 2021-03-01 15:27:18 +01:00			`- *vueko`
			`- path_regex: machines/fuuko/secrets\.yaml$`
			`key_groups:`
			`- pgp:`
			`- *simon`
sops: Switch to new PGP key 2024-01-22 01:30:48 +01:00			`- *simon-alpha`
			`- *simon-beta`
Use sops for secrets Since I currently do not have access to sayuri, sayuri’s migration is not done yet. The host keys and wg-home-private-key secret still have to be added. 2021-03-01 15:27:18 +01:00			`- *fuuko`
mayushii: Init 2021-09-30 07:32:03 +02:00			`- path_regex: machines/mayushii/secrets\.yaml$`
			`key_groups:`
			`- pgp:`
			`- *simon`
sops: Switch to new PGP key 2024-01-22 01:30:48 +01:00			`- *simon-alpha`
			`- *simon-beta`
mayushii: Init 2021-09-30 07:32:03 +02:00			`- *mayushii`
okarin: Init 2022-03-03 09:48:22 +01:00			`- path_regex: machines/okarin/secrets\.yaml$`
			`key_groups:`
			`- pgp:`
			`- *simon`
sops: Switch to new PGP key 2024-01-22 01:30:48 +01:00			`- *simon-alpha`
			`- *simon-beta`
okarin: Init 2022-03-03 09:48:22 +01:00			`- *okarin`
renge: Init 2022-03-23 15:03:08 +01:00			`- path_regex: machines/renge/secrets\.yaml$`
			`key_groups:`
			`- pgp:`
			`- *simon`
sops: Switch to new PGP key 2024-01-22 01:30:48 +01:00			`- *simon-alpha`
			`- *simon-beta`
renge: Init 2022-03-23 15:03:08 +01:00			`- *renge`
nunotaba: Re-init 2022-06-09 17:38:24 +02:00			`- path_regex: machines/nunotaba/secrets\.yaml$`
			`key_groups:`
			`- pgp:`
			`- *simon`
sops: Switch to new PGP key 2024-01-22 01:30:48 +01:00			`- *simon-alpha`
			`- *simon-beta`
nunotaba: Re-init 2022-06-09 17:38:24 +02:00			`- *nunotaba`
shinobu: Init 2023-07-01 12:37:12 +02:00			`- path_regex: machines/shinobu/secrets\.yaml$`
			`key_groups:`
			`- pgp:`
			`- *simon`
sops: Switch to new PGP key 2024-01-22 01:30:48 +01:00			`- *simon-alpha`
			`- *simon-beta`
shinobu: Init 2023-07-01 12:37:12 +02:00			`- *shinobu`
nazuna: Init 2023-10-04 15:15:54 +02:00			`- path_regex: machines/nazuna/secrets\.yaml$`
			`key_groups:`
			`- pgp:`
			`- *simon`
sops: Switch to new PGP key 2024-01-22 01:30:48 +01:00			`- *simon-alpha`
			`- *simon-beta`
nazuna: Init 2023-10-04 15:15:54 +02:00			`- *nazuna`
yuzuru: Init 2024-01-02 23:26:46 +01:00			`- path_regex: machines/yuzuru/secrets\.yaml$`
			`key_groups:`
			`- pgp:`
			`- *simon`
sops: Switch to new PGP key 2024-01-22 01:30:48 +01:00			`- *simon-alpha`
			`- *simon-beta`
yuzuru: Init 2024-01-02 23:26:46 +01:00			`- *yuzuru`
koyomi: Init 2024-05-11 21:14:17 +02:00			`- path_regex: machines/koyomi/secrets\.yaml$`
			`key_groups:`
			`- pgp:`
			`- *simon`
			`- *simon-alpha`
			`- *simon-beta`
			`- *koyomi`
ci-runner: Init 2024-07-19 11:50:11 +02:00			`- path_regex: machines/ci-runner/secrets\.yaml$`
			`key_groups:`
			`- pgp:`
			`- *simon`
			`- *simon-alpha`
			`- *simon-beta`
			`- *ci-runner`
Use sops for secrets Since I currently do not have access to sayuri, sayuri’s migration is not done yet. The host keys and wg-home-private-key secret still have to be added. 2021-03-01 15:27:18 +01:00			`- path_regex: secrets\.yaml$`
			`key_groups:`
			`- pgp:`
			`- *simon`
sops: Switch to new PGP key 2024-01-22 01:30:48 +01:00			`- *simon-alpha`
			`- *simon-beta`
Use sops for secrets Since I currently do not have access to sayuri, sayuri’s migration is not done yet. The host keys and wg-home-private-key secret still have to be added. 2021-03-01 15:27:18 +01:00			`- *nunotaba`
sops: Fix hitagi’s name 2024-01-22 01:13:01 +01:00			`- *hitagi`
Use sops for secrets Since I currently do not have access to sayuri, sayuri’s migration is not done yet. The host keys and wg-home-private-key secret still have to be added. 2021-03-01 15:27:18 +01:00			`- *vueko`
			`- *fuuko`
mayushii: Init 2021-09-30 07:32:03 +02:00			`- *mayushii`
renge: Init 2022-03-23 15:03:08 +01:00			`- *renge`
koyomi: Init 2024-05-11 21:14:17 +02:00			`- *koyomi`