nix-dotfiles/.sops.yaml

keys:
  # The PGP keys in keys/
  - &admin_alice F63832C3080D6E1AC77EECF80B4245FFE305BC82
  - &admin_dennis 8F79E6CD6434700615867480D11A514F5095BFA8
  - &admin_richie 29F5017C95D9E60B1B1E8407072B0E0B8312DFE3

  # Generate AGE keys from SSH keys with:
  #   nix-shell -p ssh-to-age --run 'ssh some.ssh.wavelens.io cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
  - &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
  - &photon age13aqs2mx66dmnyd74sygnwavufv6a4pwnvcqj4ud4l94jk0tjgu6ss57slw
  - &jeeves-jr age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh

admins: &admins
  - *admin_alice
  - *admin_dennis
  - *admin_richie

servers: &servers
  - *palatine-hill
  - *photon
  - *jeeves-jr

# add new users by executing: sops users/<user>/secrets.yaml
# then have someone already in the repo run the below
#
# update keys by executing: sops updatekeys secrets.yaml
creation_rules:
  - path_regex: systems/jeeves-jr/secrets\.yaml$
    key_groups:
      - pgp: *admins
        age:
          - *jeeves-jr

  - path_regex: systems/palatine-hill/secrets\.yaml$
    key_groups:
      - pgp: *admins
        age:
          - *palatine-hill

  - path_regex: systems/photon/secrets\.yaml$
    key_groups:
      - pgp: *admins
        age:
          - *photon

  - path_regex: users/alice/secrets\.yaml$
    key_groups:
      - pgp:
          - *admin_alice
        age: *servers
    
  - path_regex: users/dennis/secrets\.yaml$
    key_groups:
      - pgp:
          - *admin_dennis
        age: *servers
  
  - path_regex: users/richie/secrets\.yaml$
    key_groups:
      - pgp:
          - *admin_richie
        age: *servers
sops and photon setup 2023-12-26 02:56:52 +01:00			`keys:`
			`# The PGP keys in keys/`
configure programs for photon 2023-12-26 19:06:02 +01:00			`- &admin_alice F63832C3080D6E1AC77EECF80B4245FFE305BC82`
			`- &admin_dennis 8F79E6CD6434700615867480D11A514F5095BFA8`
updated .sops.yaml 2023-12-29 13:53:36 -05:00			`- &admin_richie 29F5017C95D9E60B1B1E8407072B0E0B8312DFE3`

sops and photon setup 2023-12-26 02:56:52 +01:00			`# Generate AGE keys from SSH keys with:`
			`# nix-shell -p ssh-to-age --run 'ssh some.ssh.wavelens.io cat /etc/ssh/ssh_host_ed25519_key.pub \| ssh-to-age'`
			`- &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej`
reconfigure photon 2023-12-27 10:03:13 +01:00			`- &photon age13aqs2mx66dmnyd74sygnwavufv6a4pwnvcqj4ud4l94jk0tjgu6ss57slw`
updated .sops.yaml 2023-12-29 13:53:36 -05:00			`- &jeeves-jr age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh`
sops and photon setup 2023-12-26 02:56:52 +01:00
creating groups for sops.yaml (#25) * creating groups for sops.yaml I used yaml anchors https://en.wikipedia.org/wiki/YAML#Advanced_components I also ran the redhat YAML formater * fixed typo 2024-01-07 16:57:42 -05:00			`admins: &admins`
			`- *admin_alice`
			`- *admin_dennis`
			`- *admin_richie`

			`servers: &servers`
			`- *palatine-hill`
			`- *photon`
			`- *jeeves-jr`

add instructions Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2023-12-29 14:25:01 -05:00			`# add new users by executing: sops users/<user>/secrets.yaml`
			`# then have someone already in the repo run the below`
			`#`
changes to dennis home.nix 2023-12-26 10:45:54 +01:00			`# update keys by executing: sops updatekeys secrets.yaml`
sops and photon setup 2023-12-26 02:56:52 +01:00			`creation_rules:`
updated .sops.yaml 2023-12-29 13:53:36 -05:00			`- path_regex: systems/jeeves-jr/secrets\.yaml$`
			`key_groups:`
creating groups for sops.yaml (#25) * creating groups for sops.yaml I used yaml anchors https://en.wikipedia.org/wiki/YAML#Advanced_components I also ran the redhat YAML formater * fixed typo 2024-01-07 16:57:42 -05:00			`- pgp: *admins`
			`age:`
			`- *jeeves-jr`
updated .sops.yaml 2023-12-29 13:53:36 -05:00
configure programs for photon 2023-12-26 19:06:02 +01:00			`- path_regex: systems/palatine-hill/secrets\.yaml$`
			`key_groups:`
creating groups for sops.yaml (#25) * creating groups for sops.yaml I used yaml anchors https://en.wikipedia.org/wiki/YAML#Advanced_components I also ran the redhat YAML formater * fixed typo 2024-01-07 16:57:42 -05:00			`- pgp: *admins`
			`age:`
			`- *palatine-hill`
configure programs for photon 2023-12-26 19:06:02 +01:00
sops and photon setup 2023-12-26 02:56:52 +01:00			`- path_regex: systems/photon/secrets\.yaml$`
			`key_groups:`
creating groups for sops.yaml (#25) * creating groups for sops.yaml I used yaml anchors https://en.wikipedia.org/wiki/YAML#Advanced_components I also ran the redhat YAML formater * fixed typo 2024-01-07 16:57:42 -05:00			`- pgp: *admins`
			`age:`
			`- *photon`

configure programs for photon 2023-12-26 19:06:02 +01:00			`- path_regex: users/alice/secrets\.yaml$`
			`key_groups:`
creating groups for sops.yaml (#25) * creating groups for sops.yaml I used yaml anchors https://en.wikipedia.org/wiki/YAML#Advanced_components I also ran the redhat YAML formater * fixed typo 2024-01-07 16:57:42 -05:00			`- pgp:`
			`- *admin_alice`
			`age: *servers`
enable external SMTP for hydra (#49) * external SMTP for hydra Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * nix-serve sops Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * add binary cache * add hydra jobs * cleanup (#50) * finish up cleanup branch merge * switched back to nixpkgs-fmt * add nixpkgs-fmt to hydrajobs.build --------- Signed-off-by: ahuston-0 <aliceghuston@gmail.com> Co-authored-by: Dennis Wuitz <dennish@wuitz.de> Co-authored-by: Dennis <52411861+DerDennisOP@users.noreply.github.com> 2024-02-01 16:50:14 -05:00
configure programs for photon 2023-12-26 19:06:02 +01:00			`- path_regex: users/dennis/secrets\.yaml$`
creating groups for sops.yaml (#25) * creating groups for sops.yaml I used yaml anchors https://en.wikipedia.org/wiki/YAML#Advanced_components I also ran the redhat YAML formater * fixed typo 2024-01-07 16:57:42 -05:00			`key_groups:`
			`- pgp:`
			`- *admin_dennis`
			`age: *servers`
enable external SMTP for hydra (#49) * external SMTP for hydra Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * nix-serve sops Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * add binary cache * add hydra jobs * cleanup (#50) * finish up cleanup branch merge * switched back to nixpkgs-fmt * add nixpkgs-fmt to hydrajobs.build --------- Signed-off-by: ahuston-0 <aliceghuston@gmail.com> Co-authored-by: Dennis Wuitz <dennish@wuitz.de> Co-authored-by: Dennis <52411861+DerDennisOP@users.noreply.github.com> 2024-02-01 16:50:14 -05:00
updated .sops.yaml 2023-12-29 13:53:36 -05:00			`- path_regex: users/richie/secrets\.yaml$`
creating groups for sops.yaml (#25) * creating groups for sops.yaml I used yaml anchors https://en.wikipedia.org/wiki/YAML#Advanced_components I also ran the redhat YAML formater * fixed typo 2024-01-07 16:57:42 -05:00			`key_groups:`
			`- pgp:`
			`- *admin_richie`
			`age: *servers`