# SPDX-FileCopyrightText: 2021-2024 Simon Bruder <simon@sbruder.de>
#
# SPDX-License-Identifier: CC0-1.0
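# Recipient fingerprints. The whole sequence is anchored as `all-keys` so that
# a rule can encrypt to every key at once; single entries carry their own
# anchor so that per-host rules can reference them by name.
# Fingerprints are quoted so that a value made only of digits (or of the form
# <digits>e<digits>) can never be retyped as a number by the YAML parser.
keys: &all-keys
  # sops does not (yet) support ADSKs,
  # so all encryption subkeys have to be added manually
  - &simon '6CD375BD0741F67E5A289BC333A01CBE0554C763'  # offline
  - &simon-alpha '0C8AF4B4320A511384DF6B5BB9BEFC7CC112A0C0'
  - &simon-beta '403215E0F99D2582C7055C512C77841620B8F380'
  # Second fingerprint for nunotaba, deliberately left without an anchor: an
  # anchor defined twice is shadowed by its last definition, so every
  # `*nunotaba` alias below resolves to the later nunotaba entry and this one
  # is a recipient only through `*all-keys`.
  # NOTE(review): confirm this key is still a wanted recipient; if it is not,
  # drop it here and re-encrypt the affected files (`sops updatekeys`).
  - '8C5091AEA213FB0642BD46F943EE19743FAC1D5C'
  - &hitagi '17FEEBB45E4245330507C960653378F10CA6E00A'
  - &vueko '4EA330328CD0D3076E90960194DFA4953D8729DE'
  - &fuuko '2372651C56E22972C2D9F3F569C8187C9C43754E'
  - &mayushii '23EEDF49AAF1B41DCD1CD10F44A37FA8C15053B3'
  - &renge '06a917fc4a2a1b6b0f69a830285075cac85b7035'
  - &nunotaba '3176be14f468c6d43ab2206b4f273abccd49806b'
  - &okarin 'e7370b48016c961ef8ad792fda66b19d845b3156'
  - &shinobu '28677f2e3584b39f528a779caf445ebb39c882b7'
  - &nazuna '0b8be5d87a10a0e68dda97212c4befad1f9e915c'
  - &yuzuru 'a1ee5bc0249163a047440ef2649e770ec6ea16e4'
  - &koyomi '1f18a57e1d4e6716aed0e0cd71586b7a4c0c1a65'
  - &ci-runner '20e376b89b30327fb82f12e8e8b72d52c3aa39ee'
  - &hiroshi '2b9be9660662c6c979ca1149c982bdfd82863d09'

# sops walks this list top to bottom and applies the first rule whose
# path_regex matches, so order is part of the access policy: the per-host
# rules must stay above the catch-all, and a pattern repeated further down
# would never be consulted (one rule per host).
# The patterns are anchored only at the end (`$`), not at the start.
creation_rules:
  # Per-host secrets: the three simon keys plus the key of that host only.
  - path_regex: machines/nunotaba/secrets\.yaml$
    key_groups:
      - pgp:
          - *simon
          - *simon-alpha
          - *simon-beta
          - *nunotaba
  - path_regex: machines/hitagi/secrets\.yaml$
    key_groups:
      - pgp:
          - *simon
          - *simon-alpha
          - *simon-beta
          - *hitagi
  - path_regex: machines/vueko/secrets\.yaml$
    key_groups:
      - pgp:
          - *simon
          - *simon-alpha
          - *simon-beta
          - *vueko
  - path_regex: machines/fuuko/secrets\.yaml$
    key_groups:
      - pgp:
          - *simon
          - *simon-alpha
          - *simon-beta
          - *fuuko
  - path_regex: machines/mayushii/secrets\.yaml$
    key_groups:
      - pgp:
          - *simon
          - *simon-alpha
          - *simon-beta
          - *mayushii
  - path_regex: machines/okarin/secrets\.yaml$
    key_groups:
      - pgp:
          - *simon
          - *simon-alpha
          - *simon-beta
          - *okarin
  - path_regex: machines/renge/secrets\.yaml$
    key_groups:
      - pgp:
          - *simon
          - *simon-alpha
          - *simon-beta
          - *renge
  - path_regex: machines/shinobu/secrets\.yaml$
    key_groups:
      - pgp:
          - *simon
          - *simon-alpha
          - *simon-beta
          - *shinobu
  - path_regex: machines/nazuna/secrets\.yaml$
    key_groups:
      - pgp:
          - *simon
          - *simon-alpha
          - *simon-beta
          - *nazuna
  - path_regex: machines/yuzuru/secrets\.yaml$
    key_groups:
      - pgp:
          - *simon
          - *simon-alpha
          - *simon-beta
          - *yuzuru
  - path_regex: machines/koyomi/secrets\.yaml$
    key_groups:
      - pgp:
          - *simon
          - *simon-alpha
          - *simon-beta
          - *koyomi
  - path_regex: machines/ci-runner/secrets\.yaml$
    key_groups:
      - pgp:
          - *simon
          - *simon-alpha
          - *simon-beta
          - *ci-runner
  - path_regex: machines/hiroshi/secrets\.yaml$
    key_groups:
      - pgp:
          - *simon
          - *simon-alpha
          - *simon-beta
          - *hiroshi
  # Catch-all for any other path ending in `secrets.yaml`. Because it is the
  # fallback, a secrets.yaml created for a host that has no dedicated rule
  # above is encrypted to every host key listed here, not to that host alone;
  # add the per-host rule before creating the file.
  # okarin, shinobu, nazuna, yuzuru and ci-runner are not recipients of this
  # rule.
  - path_regex: secrets\.yaml$
    key_groups:
      - pgp:
          - *simon
          - *simon-alpha
          - *simon-beta
          - *nunotaba
          - *hitagi
          - *vueko
          - *fuuko
          - *mayushii
          - *renge
          - *koyomi
          - *hiroshi
  # Encrypted to every entry of `keys`, including the unanchored one, because
  # the alias expands to the whole sequence.
  - path_regex: secrets/local-mail\.yaml$
    key_groups:
      - pgp: *all-keys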