nix-dotfiles/.sops.yaml

keys:
    # The PGP keys in keys/
    - &admin_alice 5EFFB75F7C9B74EAA5C4637547940175096C1330
    # Generate AGE keys from SSH keys with:
    #   ssh-keygen -A
    #   nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
    # cspell:disable
    - &artemision age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2
    - &artemision-home age1t29a6z6cfy8m3cnc8uva0ey833vhcppue8psyumts7mtyf0zufcqvfshuc
    - &palatine-hill age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh
    - &selinunte age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2
    # cspell:enable
# add new users by executing: sops users/<user>/secrets.yaml
# then have someone already in the repo run the below
#
# update keys by executing: sops updatekeys secrets.yaml
# note: add .* before \.yaml if you'd like to use the mergetool config
creation_rules:
    - path_regex: users/alice/secrets.*\.yaml$
      key_groups:
        - pgp:
            - *admin_alice
          age:
            - *palatine-hill
            - *artemision
            - *artemision-home
    - path_regex: systems/palatine-hill/secrets.*\.yaml$
      key_groups:
        - pgp:
            - *admin_alice
          age:
            - *palatine-hill
    - path_regex: systems/artemision/secrets.*\.yaml$
      key_groups:
        - pgp:
            - *admin_alice
          age:
            - *artemision
    - path_regex: systems/selinunte/secrets.*\.yaml$
      key_groups:
        - pgp:
            - *admin_alice
          age:
            - *artemision
            - *selinunte
    - path_regex: systems/palatine-hill/docker/wg/.*\.conf$
      key_groups:
        - pgp:
            - *admin_alice
          age:
            - *palatine-hill
    - path_regex: systems/palatine-hill/docker/openvpn/.*\.ovpn$
      key_groups:
        - pgp:
            - *admin_alice
          age:
            - *palatine-hill
sops and photon setup 2023-12-26 02:56:52 +01:00			`keys:`
format json/yml/sh 2025-03-13 17:50:03 -04:00			`# The PGP keys in keys/`
			`- &admin_alice 5EFFB75F7C9B74EAA5C4637547940175096C1330`
			`# Generate AGE keys from SSH keys with:`
			`# ssh-keygen -A`
			`# nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub \| ssh-to-age'`
			`# cspell:disable`
			`- &artemision age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2`
			`- &artemision-home age1t29a6z6cfy8m3cnc8uva0ey833vhcppue8psyumts7mtyf0zufcqvfshuc`
			`- &palatine-hill age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh`
add selinunte (desktop gaming system) Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2025-03-25 13:49:10 -04:00			`- &selinunte age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2`
format json/yml/sh 2025-03-13 17:50:03 -04:00			`# cspell:enable`
add instructions Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2023-12-29 14:25:01 -05:00			`# add new users by executing: sops users/<user>/secrets.yaml`
			`# then have someone already in the repo run the below`
			`#`
changes to dennis home.nix 2023-12-26 10:45:54 +01:00			`# update keys by executing: sops updatekeys secrets.yaml`
Add NUT to palatine-hill and add SOPS merging Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-04-27 20:48:44 -04:00			`# note: add .* before \.yaml if you'd like to use the mergetool config`
sops and photon setup 2023-12-26 02:56:52 +01:00			`creation_rules:`
format json/yml/sh 2025-03-13 17:50:03 -04:00			`- path_regex: users/alice/secrets.*\.yaml$`
			`key_groups:`
			`- pgp:`
update intel-media-sdk to vpl-gpu-rt 2025-08-01 00:16:57 -04:00			`- *admin_alice`
format json/yml/sh 2025-03-13 17:50:03 -04:00			`age:`
update intel-media-sdk to vpl-gpu-rt 2025-08-01 00:16:57 -04:00			`- *palatine-hill`
			`- *artemision`
			`- *artemision-home`
format json/yml/sh 2025-03-13 17:50:03 -04:00			`- path_regex: systems/palatine-hill/secrets.*\.yaml$`
			`key_groups:`
			`- pgp:`
update intel-media-sdk to vpl-gpu-rt 2025-08-01 00:16:57 -04:00			`- *admin_alice`
format json/yml/sh 2025-03-13 17:50:03 -04:00			`age:`
update intel-media-sdk to vpl-gpu-rt 2025-08-01 00:16:57 -04:00			`- *palatine-hill`
format json/yml/sh 2025-03-13 17:50:03 -04:00			`- path_regex: systems/artemision/secrets.*\.yaml$`
			`key_groups:`
			`- pgp:`
update intel-media-sdk to vpl-gpu-rt 2025-08-01 00:16:57 -04:00			`- *admin_alice`
format json/yml/sh 2025-03-13 17:50:03 -04:00			`age:`
update intel-media-sdk to vpl-gpu-rt 2025-08-01 00:16:57 -04:00			`- *artemision`
add selinunte (desktop gaming system) Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2025-03-25 13:49:10 -04:00			`- path_regex: systems/selinunte/secrets.*\.yaml$`
			`key_groups:`
			`- pgp:`
update intel-media-sdk to vpl-gpu-rt 2025-08-01 00:16:57 -04:00			`- *admin_alice`
add selinunte (desktop gaming system) Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2025-03-25 13:49:10 -04:00			`age:`
update intel-media-sdk to vpl-gpu-rt 2025-08-01 00:16:57 -04:00			`- *artemision`
			`- *selinunte`
format json/yml/sh 2025-03-13 17:50:03 -04:00			`- path_regex: systems/palatine-hill/docker/wg/.*\.conf$`
			`key_groups:`
			`- pgp:`
update intel-media-sdk to vpl-gpu-rt 2025-08-01 00:16:57 -04:00			`- *admin_alice`
format json/yml/sh 2025-03-13 17:50:03 -04:00			`age:`
update intel-media-sdk to vpl-gpu-rt 2025-08-01 00:16:57 -04:00			`- *palatine-hill`
add ovpn file Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2025-06-01 15:10:17 -04:00			`- path_regex: systems/palatine-hill/docker/openvpn/.*\.ovpn$`
			`key_groups:`
			`- pgp:`
update intel-media-sdk to vpl-gpu-rt 2025-08-01 00:16:57 -04:00			`- *admin_alice`
add ovpn file Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2025-06-01 15:10:17 -04:00			`age:`
update intel-media-sdk to vpl-gpu-rt 2025-08-01 00:16:57 -04:00			`- *palatine-hill`