---
# sops configuration: maps secret file paths to the recipients allowed to
# decrypt them. `keys` holds the YAML anchors aliased by creation_rules below.
keys:
  # PGP fingerprints for the keys kept in keys/
  - &admin_alice '5EFFB75F7C9B74EAA5C4637547940175096C1330'

  # Host age recipients are derived from each machine's SSH host key:
  #   ssh-keygen -A
  #   nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
  # The decrypting identity is therefore the host's SSH ed25519 private key;
  # read access to that file on a host is read access to that host's secrets.
  # cspell:disable
  - &artemision 'age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2'
  - &artemision-home 'age1t29a6z6cfy8m3cnc8uva0ey833vhcppue8psyumts7mtyf0zufcqvfshuc'
  # Disabled entry with the same anchor name (presumably the previous
  # palatine-hill recipient, verify). If it was replaced, files encrypted
  # while it was active remain readable with the old key in repository
  # history; rotate the secret values themselves if that key was exposed.
  #- &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
  - &palatine-hill 'age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh'
  # cspell:enable

# Named list of server hosts. Nothing in the visible file aliases *servers.
servers: &servers
  - *palatine-hill

# Adding a user: run `sops users/<username>/secrets.yaml`
# (<username> is a placeholder), then have someone who can already decrypt
# the repository run the updatekeys command below.
#
# Changing recipients: run `sops updatekeys secrets.yaml`.
# Note: add .* before \.yaml if you'd like to use the mergetool config.
#
# Every rule below uses a single key group, so any ONE listed recipient
# (the admin PGP key or any listed host) can decrypt a matching file alone.
# NOTE(review): the patterns have no leading ^, so they match the same
# suffix under any parent directory; consider anchoring them once it is
# confirmed how the sops version in use resolves paths against this file.
creation_rules:
  # Per-user secrets: the admin plus every host the user's secrets reach.
  - path_regex: 'users/alice/secrets.*\.yaml$'
    key_groups:
      - pgp:
          - *admin_alice
        age:
          - *palatine-hill
          - *artemision
          - *artemision-home

  # Host-scoped secrets: the admin plus that one host only.
  - path_regex: 'systems/palatine-hill/secrets.*\.yaml$'
    key_groups:
      - pgp:
          - *admin_alice
        age:
          - *palatine-hill

  - path_regex: 'systems/artemision/secrets.*\.yaml$'
    key_groups:
      - pgp:
          - *admin_alice
        age:
          - *artemision

  # .conf files under docker/wg/ on palatine-hill.
  - path_regex: 'systems/palatine-hill/docker/wg/.*\.conf$'
    key_groups:
      - pgp:
          - *admin_alice
        age:
          - *palatine-hill