home

My NixOS systems configurations.

.sops.yaml (2018B)


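      # sops configuration: the PGP recipients, and which of them may decrypt
      # which files under secrets/.
      #
      # Only public-key fingerprints are listed here. Fingerprints are quoted so
      # that an all-digit or exponent-looking value can never be read as a number.
      #
      # Changing a recipient list does not touch files that are already
      # encrypted: re-run `sops updatekeys <file>` on them, and rotate the secret
      # values themselves when a recipient is removed, since that key could
      # already read them.
      keys:
        # Present in every rule below, so this one key can decrypt everything.
        - &vincent '8C4E8DDA04C18C6B503BD2DBB7E7CF1C634256FA'
        - &aomi 'b14ab1e44008e7d4c39875324d5981054462545d'
        - &wakasu '81f3a3b3720f8cab8c53e2f88fd25835fc9db1e6'
        - &sakhalin '8b80ab02638ab9c34f6c21bd69928b5908e10cbf'
        - &kerkouane 'b8b02c0885a74753f8fb53f031f0386f20f3e4ec'
        - &shikoku 'c7ebcb8e935bda9466e98b1a659af87ff4f5ab02'
        # Derived from the host's SSH RSA host key (presumably the other host
        # keys above were produced the same way; confirm). The command streams
        # the host *private* key to the workstation running it, so run it only
        # from a trusted machine and commit nothing but the fingerprint.
        # ssh root@demeter.home "cat /etc/ssh/ssh_host_rsa_key" \
        #   | nix-shell -p ssh-to-pgp --run "ssh-to-pgp -o demeter.asc"
        - &demeter '131c2eeb1c88c9b8bc76485df4c7efebe0e72441'
        # ssh root@athena.home "cat /etc/ssh/ssh_host_rsa_key" \
        #   | nix-shell -p ssh-to-pgp --run "ssh-to-pgp -o athena.asc"
        - &athena '73cb7209eb57f9450adbaa3a5cdf368d4cf82a42'

      # sops uses the first rule whose path_regex matches, so order matters.
      # The patterns have no leading ^ and therefore match on the tail of the
      # path: any ".../secrets/<dir>/<file>.yaml" is covered, wherever it sits.
      # Every rule has a single key group, which means any ONE of the listed
      # keys is enough to decrypt a matching file.
      creation_rules:
        # Shared server secrets: every key except aomi.
        - path_regex: 'secrets/servers/[^/]+\.yaml$'
          key_groups:
            - pgp:
                - *vincent
                - *wakasu
                - *sakhalin
                - *kerkouane
                - *shikoku
                - *athena
                - *demeter
        # Shared desktop secrets.
        - path_regex: 'secrets/desktops/[^/]+\.yaml$'
          key_groups:
            - pgp:
                - *vincent
                - *aomi
                - *wakasu
        # Per-host secrets: vincent plus the one host named in the path.
        - path_regex: 'secrets/wakasu/[^/]+\.yaml$'
          key_groups:
            - pgp:
                - *vincent
                - *wakasu
        - path_regex: 'secrets/aomi/[^/]+\.yaml$'
          key_groups:
            - pgp:
                - *vincent
                - *aomi
        - path_regex: 'secrets/sakhalin/[^/]+\.yaml$'
          key_groups:
            - pgp:
                - *vincent
                - *sakhalin
        - path_regex: 'secrets/kerkouane/[^/]+\.yaml$'
          key_groups:
            - pgp:
                - *vincent
                - *kerkouane
        - path_regex: 'secrets/shikoku/[^/]+\.yaml$'
          key_groups:
            - pgp:
                - *vincent
                - *shikoku
        - path_regex: 'secrets/athena/[^/]+\.yaml$'
          key_groups:
            - pgp:
                - *vincent
                - *athena
        - path_regex: 'secrets/demeter/[^/]+\.yaml$'
          key_groups:
            - pgp:
                - *vincent
                - *demeter
        # Kubernetes secrets: vincent only, no host key can decrypt these.
        - path_regex: 'secrets/k8s/[^/]+\.yaml$'
          key_groups:
            - pgp:
                - *vincent
        # Files directly under secrets/: readable by all eight keys, so a
        # compromise of any single host exposes them. Keep only values that
        # every machine genuinely needs at this level.
        - path_regex: 'secrets/[^/]+\.yaml$'
          key_groups:
            - pgp:
                - *vincent
                - *aomi
                - *wakasu
                - *sakhalin
                - *kerkouane
                - *shikoku
                - *athena
                - *demeter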