-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy path.sops.yaml
36 lines (31 loc) · 1.06 KB
/
.sops.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
# .sops.yaml
#
# Add servers with:
# ssh-keyscan -t ed25519 [hostname] | nix run nixpkgs#ssh-to-age.
#
# Edit secrets with:
# nix run nixpkgs#sops -- ~/nix/modules/nixos/[host]/secrets/secrets.yml
#
# Use sops updatekeys command to re-key corresponding files:
# nix run nixpkgs#sops -- updatekeys [filename].
keys:
- &admin_totaltax age1ep9m2ackk06q5clj3s4tqgjlld0hd9qhy83tgfkp2yl9s70azscs8zuvqf
- &host_laptop_strix age1dmh7zyq2x9me5v82lqean45c5dtzaks8l4crupl3axdv934lx56qy87u24
- &host_laptop age1ut9v54j8wu7zyr7exvfdn8q3m2kz0v7a082tzvfy4w27muykuyksul3sx0
- &host_remote age1glckwtavpgnv8cauzh9jqryxs367lm4tjf8fruvewl6exajh65aq4cqk8u
creation_rules:
- path_regex: modules/nixos/laptop-strix/secrets/[^/]+\.yml$
key_groups:
- age:
- *admin_totaltax
- *host_laptop_strix
- path_regex: modules/nixos/laptop/secrets/[^/]+\.yml$
key_groups:
- age:
- *admin_totaltax
- *host_laptop
- path_regex: modules/nixos/remote/secrets/[^/]+\.yml$
key_groups:
- age:
- *admin_totaltax
- *host_remote