2024-06-20 08:59:56 -05:00
|
|
|
---
|
|
|
|
|
# config files for sops & used for encrypting keys that sops-nix decrypts.
|
2024-07-06 14:53:08 -05:00
|
|
|
# each machine key is derived from its generated `ssh_hosts_ed` file
|
2024-06-20 08:59:56 -05:00
|
|
|
# via ssh-to-age
|
|
|
|
|
# sops encrypts the secrets ready to decrypt with the private key of any of the below machines
|
|
|
|
|
# OR my 'main' key thats kept outside this repo securely.
|
|
|
|
|
|
|
|
|
|
# key-per-machine is a little more secure and a little more work than
|
|
|
|
|
# copying one key to each machine
|
|
|
|
|
|
|
|
|
|
keys:
|
|
|
|
|
- users:
|
2025-02-28 07:34:36 -06:00
|
|
|
- &jahanson age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp
|
2024-06-20 08:59:56 -05:00
|
|
|
- hosts:
|
2025-02-28 07:34:36 -06:00
|
|
|
- &shadowfax age1e4sd6jjd4uxxsh9xmhdsnu6mqd5h8c4zz4gwme7lkw9ee949fc9q4px9df
|
2025-03-09 00:17:55 -06:00
|
|
|
- &telchar age1nkpq8lr09vamgvf8cvzemqjyr3ex8w7azfupdr2gverz9j5zgemsv99t0z
|
2025-02-28 07:34:36 -06:00
|
|
|
- &telperion age1nwnqxjuaxlt5g7fe8rnspvn2c36uuef4hzwuwa6cfjfalz2lrd4q4n5fpl
|
|
|
|
|
- &varda age1a8z3p24v32l9yxm5z2l8h7rpc3nhacyfv4jvetk2lenrvsdstd3sdu2kaf
|
2024-06-20 08:59:56 -05:00
|
|
|
|
|
|
|
|
creation_rules:
|
|
|
|
|
- path_regex: .*\.sops\.yaml$
|
|
|
|
|
key_groups:
|
|
|
|
|
- age:
|
2025-02-28 07:34:36 -06:00
|
|
|
- *jahanson
|
|
|
|
|
- *shadowfax
|
|
|
|
|
- *telchar
|
|
|
|
|
- *telperion
|
|
|
|
|
- *varda
|
