nixos-config/.sops.yaml


# SPDX-FileCopyrightText: 2021-2024 Simon Bruder <simon@sbruder.de>
#
# SPDX-License-Identifier: CC0-1.0
# PGP fingerprints of every sops recipient. Each entry carries an anchor so the
# rules under creation_rules can reference it by name; the anchor on the list
# itself (*all-keys) is used by the secrets/local-mail rule to encrypt to all
# of them at once.
keys: &all-keys
# sops does not (yet) support ADSKs,
# so all encryption subkeys have to be added manually
- &simon 6CD375BD0741F67E5A289BC333A01CBE0554C763 # offline
- &simon-alpha 0C8AF4B4320A511384DF6B5BB9BEFC7CC112A0C0
- &simon-beta 403215E0F99D2582C7055C512C77841620B8F380
- &nunotaba 8C5091AEA213FB0642BD46F943EE19743FAC1D5C
- &hitagi 17FEEBB45E4245330507C960653378F10CA6E00A
- &vueko 4EA330328CD0D3076E90960194DFA4953D8729DE
- &fuuko 2372651C56E22972C2D9F3F569C8187C9C43754E
- &mayushii 23EEDF49AAF1B41DCD1CD10F44A37FA8C15053B3
- &renge 06a917fc4a2a1b6b0f69a830285075cac85b7035
# NOTE(review): &nunotaba is defined a second time here with a different
# fingerprint. An alias resolves to the most recent anchor above it, so every
# *nunotaba below means this key, while the earlier nunotaba fingerprint stays
# a recipient only through *all-keys. If that earlier key was rotated out,
# anything encrypted to *all-keys is still decryptable with it; confirm it is
# meant to stay, and give the two entries distinct anchor names.
- &nunotaba 3176be14f468c6d43ab2206b4f273abccd49806b
- &okarin e7370b48016c961ef8ad792fda66b19d845b3156
- &shinobu 28677f2e3584b39f528a779caf445ebb39c882b7
- &nazuna 0b8be5d87a10a0e68dda97212c4befad1f9e915c
- &yuzuru a1ee5bc0249163a047440ef2649e770ec6ea16e4
- &koyomi 1f18a57e1d4e6716aed0e0cd71586b7a4c0c1a65
- &ci-runner 20e376b89b30327fb82f12e8e8b72d52c3aa39ee
- &hiroshi 2b9be9660662c6c979ca1149c982bdfd82863d09
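# sops walks creation_rules from top to bottom and applies the first rule whose
# path_regex matches the file being created. Each pattern is therefore listed
# exactly once, and the specific machines/<host>/ rules come before the broad
# secrets\.yaml$ rule.
creation_rules:
# Per-machine secrets: the three simon keys plus that machine's own key.
- path_regex: machines/nunotaba/secrets\.yaml$
  key_groups:
  - pgp:
    - *simon
    - *simon-alpha
    - *simon-beta
    # &nunotaba is anchored twice under keys; this alias takes the later one.
    - *nunotaba
- path_regex: machines/hitagi/secrets\.yaml$
  key_groups:
  - pgp:
    - *simon
    - *simon-alpha
    - *simon-beta
    - *hitagi
- path_regex: machines/vueko/secrets\.yaml$
  key_groups:
  - pgp:
    - *simon
    - *simon-alpha
    - *simon-beta
    - *vueko
- path_regex: machines/fuuko/secrets\.yaml$
  key_groups:
  - pgp:
    - *simon
    - *simon-alpha
    - *simon-beta
    - *fuuko
- path_regex: machines/mayushii/secrets\.yaml$
  key_groups:
  - pgp:
    - *simon
    - *simon-alpha
    - *simon-beta
    - *mayushii
- path_regex: machines/okarin/secrets\.yaml$
  key_groups:
  - pgp:
    - *simon
    - *simon-alpha
    - *simon-beta
    - *okarin
- path_regex: machines/renge/secrets\.yaml$
  key_groups:
  - pgp:
    - *simon
    - *simon-alpha
    - *simon-beta
    - *renge
- path_regex: machines/shinobu/secrets\.yaml$
  key_groups:
  - pgp:
    - *simon
    - *simon-alpha
    - *simon-beta
    - *shinobu
- path_regex: machines/nazuna/secrets\.yaml$
  key_groups:
  - pgp:
    - *simon
    - *simon-alpha
    - *simon-beta
    - *nazuna
- path_regex: machines/yuzuru/secrets\.yaml$
  key_groups:
  - pgp:
    - *simon
    - *simon-alpha
    - *simon-beta
    - *yuzuru
- path_regex: machines/koyomi/secrets\.yaml$
  key_groups:
  - pgp:
    - *simon
    - *simon-alpha
    - *simon-beta
    - *koyomi
- path_regex: machines/ci-runner/secrets\.yaml$
  key_groups:
  - pgp:
    - *simon
    - *simon-alpha
    - *simon-beta
    - *ci-runner
- path_regex: machines/hiroshi/secrets\.yaml$
  key_groups:
  - pgp:
    - *simon
    - *simon-alpha
    - *simon-beta
    - *hiroshi
# Fallback for any other path ending in secrets.yaml. The pattern is not tied
# to a directory, so a machines/<host>/secrets.yaml that has no rule above is
# encrypted to every key listed here; add the per-machine rule before creating
# that file.
# NOTE(review): okarin, shinobu, nazuna, yuzuru and ci-runner are not
# recipients of this rule, presumably on purpose; confirm.
- path_regex: secrets\.yaml$
  key_groups:
  - pgp:
    - *simon
    - *simon-alpha
    - *simon-beta
    - *nunotaba
    - *hitagi
    - *vueko
    - *fuuko
    - *mayushii
    - *renge
    - *koyomi
    - *hiroshi
- path_regex: secrets/local-mail\.yaml$
  key_groups:
  # Every fingerprint listed under keys is a recipient, including the ones
  # that no other rule references by alias.
  - pgp: *all-keys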