.sops.yaml

keys:
  - &admin B054287D42FC91AD36137D9F03ECA132FD38CD59
  - &smb age1n8ukjh0krslvv3v5cqy6v5t5utgspek2g3kx3j0gxjszvszllaasllc3hk
  - &surface age1k7dljw9mthfr8y6c99hrkn2ncs0f4dfsm5e42fvfat70wvd7e48qhz0dzl
  - &nebula-lighthouse age109w25c2fjtv2wslwy8hvsms4r6hjmrkfucq2mysskz6wg5jg5s7ql98tzn
  - &r-desktop age1pkwflrjlcf494fcc48rqmcnf0xq5as0ly6w95leq350r9tk4pg8qutw0sc
  - &ssl-proxy age1m0g3qdsn5zanqckt5pt9twm2c7l775uw9ac9rl95xmws8j09hd7sup5zpa
  - &jasmine-laptop age124h0tx68mcsg9q4cfujl2yxd6vpvshrsvwf29u2x0yer0egt9exs5fmjhj
  - &audiobooks age1lywvqnrhwlcnwhw34ry02thte2jatguz5wcq63gymphn9tn47uds0t9dr9
  - &nextcloud age1fk7kw7s2jng3v7dzm0vrq4ccsu9xwtssj2u2evjdsrz4jksngf4sp0knmp
  - &rescueIso age1q6hp5wn8p08ms6n9g6h6w2tk7hn67yjxkaakwz8fvd6j7c6lhepqv9cq5x
  - &petronillaStreaming age1psj4h28ulrglqe48qs3mhchlvvvpx9ew6qy7nve5j5uvvsy80a6shqr20a
  - &raoul-framework age1lzsz9p0r50zl2cf998kuu6z3jqeck8wlz96l70xnq7g0vy35xd9q5l5535
  - &server age1dg3pflxlmka90msy8jmfghcaeclx3ykqnkh5rez39k200cxc2guq0ahmg9
  - &vps age1x83nmn5rmf6g8n5y6m2zmu97ep3a5ngvgj5t2uwkrdmnz5fmfyks2wtn39
creation_rules:
  - path_regex: ^secrets/surface-raoul-nixos/.*$
    key_groups:
    - pgp:
      - *admin
      age:
      - *surface
  - path_regex: ^secrets/nebula-lighthouse/.*$
    key_groups:
    - pgp:
      - *admin
      age:
      - *nebula-lighthouse
      - *server
      - *vps
  - path_regex: ^secrets/r-desktop/.*$
    key_groups:
      - pgp:
        - *admin
        age:
        - *r-desktop
  - path_regex: ^secrets/raoul-framework/.*$
    pgp: *admin
    age: *raoul-framework
  - path_regex: ^secrets/smb/.*$
    key_groups:
    - pgp:
      - *admin
      age:
      - *smb
      - *server
  - path_regex: ^secrets/ssl-proxy/.*$
    key_groups:
    - pgp:
      - *admin
      age:
      - *ssl-proxy
      - *server
  - path_regex: ^secrets/audiobooks/.*$
    key_groups:
    - pgp:
      - *admin
      age:
      - *audiobooks
      - *server
  - path_regex: ^secrets/smtp.yaml$
    key_groups:
    - pgp:
      - *admin
      age:
      - *nextcloud
      - *server
  - path_regex: ^secrets/[^/]*$
    key_groups:
    - pgp:
      - *admin
      age:
      - *audiobooks
      - *surface
      - *nebula-lighthouse
      - *r-desktop
      - *ssl-proxy
      - *jasmine-laptop
      - *nextcloud
      - *rescueIso
      - *petronillaStreaming
      - *raoul-framework
      - *smb
      - *server
      - *vps
  - path_regex: ^secrets/jasmine-laptop/.*$
    key_groups:
    - pgp:
      - *admin
      age:
      - *jasmine-laptop
  - path_regex: ^secrets/nextcloud/.*$
    key_groups:
    - pgp:
      - *admin
      age:
      - *nextcloud
      - *server
  - path_regex: ^secrets/rescueIso/.*$
    key_groups:
    - pgp:
      - *admin
      age:
      - *rescueIso
  - path_regex: ^secrets/petronillaStreaming/.*$
    key_groups:
    - pgp:
      - *admin
      age:
      - *petronillaStreaming
  - path_regex: ^secrets/vps/.*$
    key_groups:
    - pgp:
      - *admin
      age:
      - *vps
  - path_regex: ^secrets/server/.*$
    key_groups:
    - pgp:
      - *admin
      age:
      - *server
  - path_regex: secrets/bacula/clients/r-desktop.yaml
    key_groups:
    - age:
      - *nextcloud
      - *r-desktop
      - *server
      pgp:
      - *admin
  - path_regex: secrets/bacula/clients/surface.yaml
    key_groups:
    - age:
      - *surface
      - *nextcloud
      - *server
      pgp:
      - *admin
  - path_regex: ^secrets/bacula/.*
    key_groups:
    - age:
      - *nextcloud
      - *server
      pgp:
      - *admin
  - path_regex: ^secrets/
    pgp: *admin