# This example uses YAML anchors which allows reuse of multiple keys 
# without having to repeat yourself.
# Also see https://github.com/Mic92/dotfiles/blob/master/nixos/.sops.yaml
# for a more complex example.
keys:
  - &admin_kalipso c4639370c41133a738f643a591ddbc4c3387f1fb
  - &admin_kalipso_dsktp aef8d6c7e4761fc297cda833df13aebb1011b5d4
  - &admin_atlan age1ljpdczmg5ctqyeezn739hv589fwhssjjnuqf7276fqun6kc62v3qmhkd0c
  - &machine_moderatio 3b7027ab1933c4c5e0eb935f8f9b3c058aa6d4c2
  - &machine_lucia 3474196f3adf27cfb70f8f56bcd52d1ed55033db
  - &machine_durruti age1arwef7t65lz40lxhs5svyzentskjzam3e0e0yxen872vwy6v234s9uftvr
  - &machine_infradocs age15rqsygf7yfe6pv6t4c6c9jc6yk4vu5grmmcu7sexvqfw8763mf2q6qw50h
  - &machine_overwatch age1075ep3sl5ztshnq4jrygxqqqfts9wzk4gvvtwfjcep5ke8nzqs5sxtw7vd
  - &machine_vpn age1v6uxwej4nlrpfanr9js7x6059mtvyg4fw50pzt0a2kt3ahk7edlslafeuh
  - &machine_fanny age136sz3lzhxf74ryruvq34d4tmmxnezkqkgu6zqa3dm582c22fgejqagrqxk
  - &machine_nextcloud age19mn55pz5dgeghjg5cp7mymwax20jshmp8gwzuf2s3h5xlvzjksyqfscsqk
  #this dummy key is used for testing.
  - &machine_dummy age18jn5mrfs4gqrnv0e2sxsgh3kq4sgxx39hwr8z7mz9kt7wlgaasjqlr88ng
creation_rules:
  #provide fake secrets in a dummy.yaml file for each host
  - path_regex: '.*dummy\.yaml$'
    key_groups:
    - pgp:
      - *admin_kalipso
      - *admin_kalipso_dsktp
      age:
      - *machine_dummy
      - *admin_atlan
  - path_regex: moderatio/secrets/secrets.yaml$
    key_groups:
    - pgp:
      - *admin_kalipso
      - *admin_kalipso_dsktp
      - *machine_moderatio
      age:
      - *admin_atlan
  - path_regex: lucia/secrets.yaml$
    key_groups:
    - pgp:
      - *admin_kalipso
      - *admin_kalipso_dsktp
      - *machine_lucia
      age:
      - *admin_atlan
  - path_regex: durruti/secrets.yaml$
    key_groups:
    - pgp:
      - *admin_kalipso
      - *admin_kalipso_dsktp
      age:
      - *machine_durruti
      - *admin_atlan
  - path_regex: vpn/secrets.yaml$
    key_groups:
    - pgp:
      - *admin_kalipso
      - *admin_kalipso_dsktp
      age:
      - *machine_vpn
      - *admin_atlan
  - path_regex: fanny/secrets.yaml$
    key_groups:
    - pgp:
      - *admin_kalipso
      - *admin_kalipso_dsktp
      age:
      - *machine_fanny
      - *admin_atlan
  - path_regex: testvm/disk.key
    key_groups:
    - pgp:
      - *admin_kalipso
      - *admin_kalipso_dsktp
      age:
      - *admin_atlan
  - path_regex: fanny/disk.key
    key_groups:
    - pgp:
      - *admin_kalipso
      - *admin_kalipso_dsktp
      age:
      - *admin_atlan
  - path_regex: bakunin/disk.key
    key_groups:
    - pgp:
      - *admin_kalipso
      - *admin_kalipso_dsktp
      age:
      - *admin_atlan
  - path_regex: nextcloud/secrets.yaml$
    key_groups:
    - pgp:
      - *admin_kalipso
      - *admin_kalipso_dsktp
      age:
      - *admin_atlan
      - *machine_nextcloud
  - path_regex: overwatch/secrets.yaml$
    key_groups:
    - pgp:
      - *admin_kalipso
      - *admin_kalipso_dsktp
      age:
      - *admin_atlan