kalipso
251f87553f
All checks were successful
Check flake syntax / flake-check (push) Successful in 6m0s
105 lines
3.0 KiB
YAML
105 lines
3.0 KiB
YAML
# This example uses YAML anchors which allows reuse of multiple keys
|
|
# without having to repeat yourself.
|
|
# Also see https://github.com/Mic92/dotfiles/blob/master/nixos/.sops.yaml
|
|
# for a more complex example.
|
|
keys:
|
|
- &admin_kalipso c4639370c41133a738f643a591ddbc4c3387f1fb
|
|
- &admin_kalipso_dsktp aef8d6c7e4761fc297cda833df13aebb1011b5d4
|
|
- &admin_atlan age1ljpdczmg5ctqyeezn739hv589fwhssjjnuqf7276fqun6kc62v3qmhkd0c
|
|
- &machine_moderatio 3b7027ab1933c4c5e0eb935f8f9b3c058aa6d4c2
|
|
- &machine_lucia 3474196f3adf27cfb70f8f56bcd52d1ed55033db
|
|
- &machine_durruti age1tc6aqmcl74du56d04wsz6mzp83n9990krzu4kuam2jqu8fx6kqpq038xuz
|
|
- &machine_infradocs age1tesz7xnnq9e58n5qwjctty0lw86gzdzd5ke65mxl8znyasx3nalqe4x6yy
|
|
- &machine_overwatch age1hq75x3dpnfqat9sgtfjf8lep49qvkdgza3xwp7ugft3kd74pdfnqfsmmdn
|
|
- &machine_vpn age1v6uxwej4nlrpfanr9js7x6059mtvyg4fw50pzt0a2kt3ahk7edlslafeuh
|
|
- &machine_fanny age136sz3lzhxf74ryruvq34d4tmmxnezkqkgu6zqa3dm582c22fgejqagrqxk
|
|
- &machine_nextcloud age1g084sl230x94mkd2wq92s03mw0e8mnpjdjfx9uzaxw6psm8neyzqqwpnqe
|
|
#this dummy key is used for testing.
|
|
- &machine_dummy age18jn5mrfs4gqrnv0e2sxsgh3kq4sgxx39hwr8z7mz9kt7wlgaasjqlr88ng
|
|
creation_rules:
|
|
#provide fake secrets in a dummy.yaml file for each host
|
|
- path_regex: '.*dummy\.yaml$'
|
|
key_groups:
|
|
- pgp:
|
|
- *admin_kalipso
|
|
- *admin_kalipso_dsktp
|
|
age:
|
|
- *machine_dummy
|
|
- *admin_atlan
|
|
- path_regex: moderatio/secrets/secrets.yaml$
|
|
key_groups:
|
|
- pgp:
|
|
- *admin_kalipso
|
|
- *admin_kalipso_dsktp
|
|
- *machine_moderatio
|
|
age:
|
|
- *admin_atlan
|
|
- path_regex: lucia/secrets.yaml$
|
|
key_groups:
|
|
- pgp:
|
|
- *admin_kalipso
|
|
- *admin_kalipso_dsktp
|
|
- *machine_lucia
|
|
age:
|
|
- *admin_atlan
|
|
- path_regex: durruti/secrets.yaml$
|
|
key_groups:
|
|
- pgp:
|
|
- *admin_kalipso
|
|
- *admin_kalipso_dsktp
|
|
age:
|
|
- *machine_durruti
|
|
- *admin_atlan
|
|
- path_regex: vpn/secrets.yaml$
|
|
key_groups:
|
|
- pgp:
|
|
- *admin_kalipso
|
|
- *admin_kalipso_dsktp
|
|
age:
|
|
- *machine_vpn
|
|
- *admin_atlan
|
|
- path_regex: fanny/secrets.yaml$
|
|
key_groups:
|
|
- pgp:
|
|
- *admin_kalipso
|
|
- *admin_kalipso_dsktp
|
|
age:
|
|
- *machine_fanny
|
|
- *admin_atlan
|
|
- path_regex: testvm/disk.key
|
|
key_groups:
|
|
- pgp:
|
|
- *admin_kalipso
|
|
- *admin_kalipso_dsktp
|
|
age:
|
|
- *admin_atlan
|
|
- path_regex: bakunin/disk.key
|
|
key_groups:
|
|
- pgp:
|
|
- *admin_kalipso
|
|
- *admin_kalipso_dsktp
|
|
age:
|
|
- *admin_atlan
|
|
- path_regex: nextcloud/secrets.yaml$
|
|
key_groups:
|
|
- pgp:
|
|
- *admin_kalipso
|
|
- *admin_kalipso_dsktp
|
|
age:
|
|
- *admin_atlan
|
|
- *machine_nextcloud
|
|
- path_regex: overwatch/secrets.yaml$
|
|
key_groups:
|
|
- pgp:
|
|
- *admin_kalipso
|
|
- *admin_kalipso_dsktp
|
|
age:
|
|
- *admin_atlan
|
|
- path_regex: .*/secrets/.*
|
|
key_groups:
|
|
- pgp:
|
|
- *admin_kalipso
|
|
- *admin_kalipso_dsktp
|
|
age:
|
|
- *admin_atlan
|