9786bc9cd6
* chore: tweak favourites * chore: hacking * feat: add nix-serve * hax * re-encrypt * haxing bind * hacing sonarr/traef * hack * hack * feat: add bind for local dns (manual) * fix * hacked up dns --------- Co-authored-by: Truxnell <9149206+truxnell@users.noreply.github.com>
26 lines
994 B
YAML
26 lines
994 B
YAML
---
|
|
# config files for sops & used for encrypting keys that sops-nix decrypts.
|
|
# each machine key is derieved from its generated `ssh_hosts_ed` file
|
|
# via ssh-to-age
|
|
# sops encrypts the secrets ready to decrypt with the private key of any of the below machines
|
|
# OR my 'main' key thats kept outside this repo securely.
|
|
|
|
# key-per-machine is a little more secure and a little more work than
|
|
# copying one key to each machine
|
|
|
|
keys:
|
|
- &dns01 age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
|
- &dns02 age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
|
- &citadel age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
|
- &rickenbacker age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
|
- &shodan age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
|
|
|
creation_rules:
|
|
- path_regex: .*\.sops\.yaml$
|
|
key_groups:
|
|
- age:
|
|
- *dns01
|
|
- *dns02
|
|
- *citadel
|
|
- *rickenbacker
|
|
- *shodan
|