52 lines
1.5 KiB
YAML
52 lines
1.5 KiB
YAML
keys:
|
|
# The PGP keys in keys/
|
|
- &admin_alice 5EFFB75F7C9B74EAA5C4637547940175096C1330
|
|
|
|
# Generate AGE keys from SSH keys with:
|
|
# ssh-keygen -A
|
|
# nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
|
|
# cspell:disable
|
|
- &artemision age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2
|
|
- &artemision-home age1t29a6z6cfy8m3cnc8uva0ey833vhcppue8psyumts7mtyf0zufcqvfshuc
|
|
#- &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
|
|
- &palatine-hill age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh
|
|
# cspell:enable
|
|
|
|
servers: &servers
|
|
- *palatine-hill
|
|
|
|
# add new users by executing: sops users/<user>/secrets.yaml
|
|
# then have someone already in the repo run the below
|
|
#
|
|
# update keys by executing: sops updatekeys secrets.yaml
|
|
# note: add .* before \.yaml if you'd like to use the mergetool config
|
|
creation_rules:
|
|
- path_regex: users/alice/secrets.*\.yaml$
|
|
key_groups:
|
|
- pgp:
|
|
- *admin_alice
|
|
age:
|
|
- *palatine-hill
|
|
- *artemision
|
|
- *artemision-home
|
|
|
|
- path_regex: systems/palatine-hill/secrets.*\.yaml$
|
|
key_groups:
|
|
- pgp:
|
|
- *admin_alice
|
|
age:
|
|
- *palatine-hill
|
|
|
|
- path_regex: systems/artemision/secrets.*\.yaml$
|
|
key_groups:
|
|
- pgp:
|
|
- *admin_alice
|
|
age:
|
|
- *artemision
|
|
- path_regex: systems/palatine-hill/docker/wg/.*\.conf$
|
|
key_groups:
|
|
- pgp:
|
|
- *admin_alice
|
|
age:
|
|
- *palatine-hill
|