creating groups for sops.yaml (#25)

* creating groups for sops.yaml
I used yaml anchors
https://en.wikipedia.org/wiki/YAML#Advanced_components
I also ran the Red Hat YAML formatter

* fixed typo
Richie Cahill 2024-01-07 16:57:42 -05:00 committed by GitHub
parent 4abf1a806e
commit 6e239a8e90


@ -10,6 +10,16 @@ keys:
- &photon age13aqs2mx66dmnyd74sygnwavufv6a4pwnvcqj4ud4l94jk0tjgu6ss57slw - &photon age13aqs2mx66dmnyd74sygnwavufv6a4pwnvcqj4ud4l94jk0tjgu6ss57slw
- &jeeves-jr age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh - &jeeves-jr age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh
admins: &admins
- *admin_alice
- *admin_dennis
- *admin_richie
servers: &servers
- *palatine-hill
- *photon
- *jeeves-jr
# add new users by executing: sops users/<user>/secrets.yaml # add new users by executing: sops users/<user>/secrets.yaml
# then have someone already in the repo run the below # then have someone already in the repo run the below
# #
@ -17,54 +27,34 @@ keys:
creation_rules: creation_rules:
- path_regex: systems/jeeves-jr/secrets\.yaml$ - path_regex: systems/jeeves-jr/secrets\.yaml$
key_groups: key_groups:
- pgp: - pgp: *admins
- *admin_alice age:
- *admin_dennis - *jeeves-jr
- *admin_richie
age:
- *jeeves-jr
- path_regex: systems/palatine-hill/secrets\.yaml$ - path_regex: systems/palatine-hill/secrets\.yaml$
key_groups: key_groups:
- pgp: - pgp: *admins
- *admin_alice age:
- *admin_dennis - *palatine-hill
- *admin_richie
age:
- *palatine-hill
- path_regex: systems/photon/secrets\.yaml$ - path_regex: systems/photon/secrets\.yaml$
key_groups: key_groups:
- pgp: - pgp: *admins
- *admin_alice age:
- *admin_dennis - *photon
- *admin_richie
age:
- *photon
- path_regex: users/alice/secrets\.yaml$ - path_regex: users/alice/secrets\.yaml$
key_groups: key_groups:
- pgp: - pgp:
- *admin_alice - *admin_alice
age: age: *servers
- *jeeves-jr
- *palatine-hill
- *photon
- path_regex: users/dennis/secrets\.yaml$ - path_regex: users/dennis/secrets\.yaml$
key_groups: key_groups:
- pgp: - pgp:
- *admin_dennis - *admin_dennis
age: age: *servers
- *jeeves-jr
- *palatine-hill
- *photon
- path_regex: users/richie/secrets\.yaml$ - path_regex: users/richie/secrets\.yaml$
key_groups: key_groups:
- pgp: - pgp:
- *admin_richie - *admin_richie
age: age: *servers
- *jeeves-jr
- *palatine-hill
- *photon
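Review bot: The new `admins` and `servers` groups are defined without a comment saying that they are recipient lists shared across rules: the three `systems/` rules now take `pgp: *admins` and the three `users/` rules take `age: *servers`, so one added line under either anchor widens who can decrypt several secret files at once. I would put a comment above `admins: &admins` such as `# recipient groups: a key listed here can decrypt every file whose rule aliases the group; review additions as access grants`. It is also worth stating there that editing this file does not re-encrypt existing secrets, so an added key needs `sops updatekeys` run on each affected file, and a removed key needs the data key rotated and the secrets themselves changed. Indentation is lost in this view, so I am assuming `admins` and `servers` sit at top level next to `keys`; please confirm that sops ignores those extra top-level keys the way it appears to ignore `keys`.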