infrastructure/machines/.sops.yaml

# This example uses YAML anchors which allows reuse of multiple keys 
# without having to repeat yourself.
# Also see https://github.com/Mic92/dotfiles/blob/master/nixos/.sops.yaml
# for a more complex example.
keys:
  - &admin_kalipso c4639370c41133a738f643a591ddbc4c3387f1fb
  - &admin_kalipso_dsktp aef8d6c7e4761fc297cda833df13aebb1011b5d4
  - &admin_atlan age1ljpdczmg5ctqyeezn739hv589fwhssjjnuqf7276fqun6kc62v3qmhkd0c
  - &machine_moderatio 3b7027ab1933c4c5e0eb935f8f9b3c058aa6d4c2
  - &machine_lucia 3474196f3adf27cfb70f8f56bcd52d1ed55033db
  - &machine_durruti age1pd2kkscyh7fuvm49umz8lfhse4fpkmp5pa3gvnh4ranwxs4mz9nqdy7sda
  - &machine_infradocs age1decc74l6tm5sjtnjyj8rkxysr9j49fxsc92r2dcfpmzdcjv5dews8f03se
  - &machine_overwatch age1psj6aeu03s2k4zdfcte89nj4fw95xgk4e7yr3e6k6u2evq84ng3s57p6f0
  - &machine_vpn age1v6uxwej4nlrpfanr9js7x6059mtvyg4fw50pzt0a2kt3ahk7edlslafeuh
  - &machine_fanny age1f53q3kkv0qsarlrkdaddjchdzckp5szkv4tu9kly7slkwd966sfs3vccce
  - &machine_nextcloud age1z0cfz7l4vakjrte220h46fc05503506fjcz440na92pzgztlspmqc8vt6k
  #this dummy key is used for testing.
  - &machine_dummy age18jn5mrfs4gqrnv0e2sxsgh3kq4sgxx39hwr8z7mz9kt7wlgaasjqlr88ng
creation_rules:
  #provide fake secrets in a dummy.yaml file for each host
  - path_regex: '.*dummy\.yaml$'
    key_groups:
    - pgp:
      - *admin_kalipso
      - *admin_kalipso_dsktp
      age:
      - *machine_dummy
      - *admin_atlan
  - path_regex: moderatio/secrets/secrets.yaml$
    key_groups:
    - pgp:
      - *admin_kalipso
      - *admin_kalipso_dsktp
      - *machine_moderatio
      age:
      - *admin_atlan
  - path_regex: lucia/secrets.yaml$
    key_groups:
    - pgp:
      - *admin_kalipso
      - *admin_kalipso_dsktp
      - *machine_lucia
      age:
      - *admin_atlan
  - path_regex: durruti/secrets.yaml$
    key_groups:
    - pgp:
      - *admin_kalipso
      - *admin_kalipso_dsktp
      age:
      - *machine_durruti
      - *admin_atlan
  - path_regex: vpn/secrets.yaml$
    key_groups:
    - pgp:
      - *admin_kalipso
      - *admin_kalipso_dsktp
      age:
      - *machine_vpn
      - *admin_atlan
  - path_regex: fanny/secrets.yaml$
    key_groups:
    - pgp:
      - *admin_kalipso
      - *admin_kalipso_dsktp
      age:
      - *machine_fanny
      - *admin_atlan
  - path_regex: testvm/disk.key
    key_groups:
    - pgp:
      - *admin_kalipso
      - *admin_kalipso_dsktp
      age:
      - *admin_atlan
  - path_regex: fanny/disk.key
    key_groups:
    - pgp:
      - *admin_kalipso
      - *admin_kalipso_dsktp
      age:
      - *admin_atlan
  - path_regex: bakunin/disk.key
    key_groups:
    - pgp:
      - *admin_kalipso
      - *admin_kalipso_dsktp
      age:
      - *admin_atlan
  - path_regex: nextcloud/secrets.yaml$
    key_groups:
    - pgp:
      - *admin_kalipso
      - *admin_kalipso_dsktp
      age:
      - *admin_atlan
      - *machine_nextcloud
  - path_regex: overwatch/secrets.yaml$
    key_groups:
    - pgp:
      - *admin_kalipso
      - *admin_kalipso_dsktp
      age:
      - *admin_atlan