.sops.yaml
# sops configuration: maps secrets-file paths to the age recipients that new
# files at those paths are encrypted to.
#
# The age1... values are age recipients (public keys), so they are safe to
# commit. The matching private keys must stay off the repository, on the
# user's machine or on the host that decrypts.
#
# Removing a recipient from a rule does not re-encrypt files that already
# exist: run `sops updatekeys` on them, and rotate the secrets themselves if
# the removed key may have been exposed.
keys:
  # Users
  # The &users: / &hosts: entries only group the list; the rules below
  # reference individual keys by alias (*badele, *rpi40, ...).
  - &users: # nix-shell -p age --run 'age-keygen'
    - &badele age15js628ku59g94njn0vup20r4xx34guesgsj5dqsken5hma2zqg2szjed66
    - &demo age1x703g2zquc2uv5lzz79rvj3m9g868wft6lp8g5sp9qsnaa3ld5esas4nqk
  # Hosts
  - &hosts: # just nixos-init-host <HOST>
    - &rpi40 age152ud7upe5xylsvf7kkfpdz6x99r6hcmkam8gwntfdv0px70f0u0sqzc8qe
    - &sadhome age1qfarvkm9ejyfu785vmawj5vve3uffsh7r78pef4ec3njl9vfgs2sx3524g
    - &sam age1x363tjjzx6j77j3m4zynkjgyj38qcyf4wah5mc8mtjt5yt6zvgxqr3z7px
    - &bootstore age1ejza6f2xzycq7jj2eu8fyg5vjdctljttm67mfteyd4k7wzvdyc8s7sc8jh
    - &badxps age1w9v05mvydywp39cq8tmgxjh8yc2w86qpp9aa4zt9ukf0qq8n5y4s5tkn7z
    - &b4d14 age1r7d0v4nudrv9wy7rvh784lnmzspm24uja6c6hrhhwjy7qf4e5d5q04gf3x
    - &srvhoma age1jldv57mqz6ahwcm62efelumv22ngyvxjff8736shx9kycu9z7a4q7a3xdl
    - &demovm age1j9szuan8nt709ewa5f6vlkhde0zg2kmlfccqarfu74dhg2a5h3jsrhxg2g
# sops applies the first rule whose path_regex matches, so order matters.
# NOTE(review): the patterns are regular expressions with no leading ^ and an
# unescaped '.', so each one matches any path that merely ends with the given
# text ('.' also matches any character). Anchoring and escaping would make
# the rules stricter, but how sops presents the path (relative or absolute)
# should be confirmed before adding ^.
creation_rules:
  # Secrets of user badele: the user key plus the badxps and b4d14 host keys.
  - path_regex: users/badele/secrets.yml$
    key_groups:
      - age:
          - *badele
          - *badxps
          - *b4d14
  # Secrets shared across hosts: every listed host key can decrypt this file,
  # so exposure of any single one of them exposes all of its contents.
  # demovm is not a recipient.
  - path_regex: hosts/secrets.yml$
    key_groups:
      - age:
          - *badele
          - *badxps
          - *bootstore
          - *rpi40
          - *sadhome
          - *sam
          - *b4d14
          - *srvhoma
  # Per-host secrets: only the user key *badele and that host's own key.
  - path_regex: hosts/rpi40/secrets.yml$
    key_groups:
      - age:
          - *badele
          - *rpi40
  - path_regex: hosts/bootstore/secrets.yml$
    key_groups:
      - age:
          - *badele
          - *bootstore
  - path_regex: hosts/sadhome/secrets.yml$
    key_groups:
      - age:
          - *badele
          - *sadhome
  # NOTE(review): every other host rule uses hosts/<host>/secrets.yml$. If
  # this pattern is a typo, hosts/sam/secrets.yml matches no rule in this
  # file; confirm which path is intended.
  - path_regex: hosts/sam.yml$
    key_groups:
      - age:
          - *badele
          - *sam
  - path_regex: hosts/badxps/secrets.yml$
    key_groups:
      - age:
          - *badele
          - *badxps
  - path_regex: hosts/b4d14/secrets.yml$
    key_groups:
      - age:
          - *badele
          - *b4d14
  - path_regex: hosts/srvhoma/secrets.yml$
    key_groups:
      - age:
          - *badele
          - *srvhoma
  # Temporary test credential before encryption
  # NOTE(review): presumably secrets.tmp holds plaintext until it is
  # encrypted; verify it is git-ignored and removed afterwards.
  # Both demovm rules use only the demo keys (*demo, *demovm); none of the
  # other user or host keys can decrypt these files.
  - path_regex: hosts/demovm/secrets.tmp$
    key_groups:
      - age:
          - *demo
          - *demovm
  - path_regex: hosts/demovm/secrets.yml$
    key_groups:
      - age:
          - *demo
          - *demovm