nix/.sops.yaml

keys:
  # users:
  - &albert              4A89D6B44B7E423B647C7AE848FBC3335A26DED6
  # hosts:
  - &nixos-framework     aaec681e4fb9dcdd15d0d367a86615d17653d819
  - &steamdeck           d01f806e6f0909dc470a676b6fe398ca0043ab53
  - &framework-server    dfd3a496aba156fa521e82ada77d68dc727cf52b
  - &osaka-linode-01     5f548d87ab2b8a4d48d80da3f2ff8352998da7fa
  - &milan-linode-01     264f9137377eda3b95c82c86cebd6d17984b8d4e
  - &frankfurt-linode-01 6b30711a5c58990a0befdf2b088f57010efc341c
  - &piaware-rpi4        4216b645667670a6130bb95a72a56f8269cd0818
  - &backups-rpi4        8b37122bb46dc98c208002d65e94778ecd94bd4e
  - &bakersfield-rpi4    c93d5c2da5efe4ba4103c8f571faa392f202eed4
  - &warsaw-ovh-01       a21a35bfed7640922ee5cda24ae2cb3e18540f00 
  - &quitman-rpi4     
  - &nixos-desktop    
  - &nuc-server

creation_rules:
  
  # Shared:
  - path_regex: secrets\/yubikey\.yaml$
    key_groups:
      - pgp:
        - *albert
        - *nixos-framework

  - path_regex: secrets\/secrets\.yaml$
    key_groups:
    - pgp:
      - *albert
      - *osaka-linode-01
      - *milan-linode-01
      - *frankfurt-linode-01
      - *nixos-framework
      - *framework-server
      - *piaware-rpi4
      - *backups-rpi4
      - *bakersfield-rpi4
      - *steamdeck
      - *warsaw-ovh-01

  - path_regex: secrets\/wireguard\.yaml$
    key_groups:
    - pgp: 
      - *albert
      - *osaka-linode-01
      - *frankfurt-linode-01
      - *framework-server
      - *backups-rpi4
      - *warsaw-ovh-01

  # Users 
  - path_regex: secrets\/users\/albert\.yaml$
    key_groups:
    - pgp:
      - *albert
      - *osaka-linode-01
      - *milan-linode-01
      - *frankfurt-linode-01
      - *nixos-framework
      - *framework-server
      - *piaware-rpi4
      - *backups-rpi4
      - *bakersfield-rpi4
      - *steamdeck
      - *warsaw-ovh-01

  # Containers 
  - path_regex: secrets\/containers\/rdesktop\.yaml$
    key_groups:
    - pgp:
      - *albert
      - *framework-server

  # Linode 
  - path_regex: secrets\/hosts\/frankfurt-linode-01\.yaml$
    key_groups:
    - pgp:
      - *albert
      - *frankfurt-linode-01

  - path_regex: secrets\/hosts\/milan-linode-01\.yaml$
    key_groups:
    - pgp:
      - *albert
      - *milan-linode-01

  - path_regex: secrets\/hosts\/osaka-linode-01\.yaml$
    key_groups:
    - pgp:
      - *albert
      - *osaka-linode-01

  # Hosts
  - path_regex: secrets\/hosts\/warsaw-ovh-01\.yaml$
    key_groups:
    - pgp:
      - *albert
      - *warsaw-ovh-01

  - path_regex: secrets\/hosts\/nixos-framework\.yaml$
    key_groups:
    - pgp:
      - *albert
      - *nixos-framework

  - path_regex: secrets\/hosts\/framework-server\.yaml$
    key_groups:
    - pgp:
      - *albert
      - *framework-server

  - path_regex: secrets\/hosts\/piaware-rpi4\.yaml$
    key_groups:
    - pgp:
      - *albert
      - *piaware-rpi4

  - path_regex: secrets\/hosts\/backups-rpi4\.yaml$
    key_groups:
    - pgp: 
      - *albert
      - *backups-rpi4
 
  - path_regex: secrets\/hosts\/steamdeck\.yaml$
    key_groups:
    - pgp: 
      - *albert
      - *steamdeck

  - path_regex: secrets\/hosts\/bakersfield-rpi4\.yaml$
    key_groups:
    - pgp: 
      - *albert
      - *bakersfield-rpi4
  
  - path_regex: secrets\/hosts\/quitman-rpi4\.yaml$
    key_groups:
    - pgp: 
      - *albert

  - path_regex: secrets\/hosts\/nixos-desktop\.yaml$
    key_groups:
    - pgp:
      - *albert

  - path_regex: secrets\/hosts\/nuc-server\.yaml$
    key_groups:
    - pgp:
      - *albert
Testing sops 2023-07-03 07:37:20 +02:00			`keys:`
update secrest 2024-07-07 05:20:07 +02:00			`# users:`
			`- &albert 4A89D6B44B7E423B647C7AE848FBC3335A26DED6`
			`# hosts:`
			`- &nixos-framework aaec681e4fb9dcdd15d0d367a86615d17653d819`
			`- &steamdeck d01f806e6f0909dc470a676b6fe398ca0043ab53`
			`- &framework-server dfd3a496aba156fa521e82ada77d68dc727cf52b`
			`- &osaka-linode-01 5f548d87ab2b8a4d48d80da3f2ff8352998da7fa`
			`- &milan-linode-01 264f9137377eda3b95c82c86cebd6d17984b8d4e`
			`- &frankfurt-linode-01 6b30711a5c58990a0befdf2b088f57010efc341c`
			`- &piaware-rpi4 4216b645667670a6130bb95a72a56f8269cd0818`
			`- &backups-rpi4 8b37122bb46dc98c208002d65e94778ecd94bd4e`
			`- &bakersfield-rpi4 c93d5c2da5efe4ba4103c8f571faa392f202eed4`
Update secrets 2024-07-16 12:44:20 +02:00			`- &warsaw-ovh-01 a21a35bfed7640922ee5cda24ae2cb3e18540f00`
update secrest 2024-07-07 05:20:07 +02:00			`- &quitman-rpi4`
			`- &nixos-desktop`
			`- &nuc-server`
Test 2023-11-12 13:29:57 +01:00
Testing sops 2023-07-03 07:37:20 +02:00			`creation_rules:`
update 2024-05-07 02:49:50 +02:00
			`# Shared:`
Testing 2024-05-05 09:56:47 +02:00			`- path_regex: secrets\/yubikey\.yaml$`
			`key_groups:`
			`- pgp:`
update 2024-05-05 11:20:05 +02:00			`- *albert`
			`- *nixos-framework`
Testing 2024-05-05 09:56:47 +02:00
Test 2023-10-17 04:17:05 +02:00			`- path_regex: secrets\/secrets\.yaml$`
Testing sops 2023-07-03 07:37:20 +02:00			`key_groups:`
Add pgp key 2023-10-06 07:17:58 +02:00			`- pgp:`
update 2024-05-05 11:20:05 +02:00			`- *albert`
			`- *osaka-linode-01`
			`- *milan-linode-01`
update keys 2024-06-24 13:58:31 +02:00			`- *frankfurt-linode-01`
update 2024-05-05 11:20:05 +02:00			`- *nixos-framework`
			`- *framework-server`
			`- *piaware-rpi4`
			`- *backups-rpi4`
			`- *bakersfield-rpi4`
			`- *steamdeck`
Update secrets 2024-07-16 12:44:20 +02:00			`- *warsaw-ovh-01`
Begin wg forwarder testing 2023-10-06 05:52:40 +02:00
Test 2023-10-17 04:17:05 +02:00			`- path_regex: secrets\/wireguard\.yaml$`
Begin wg forwarder testing 2023-10-06 05:52:40 +02:00			`key_groups:`
Add pgp key 2023-10-06 07:17:58 +02:00			`- pgp:`
update 2024-05-05 11:20:05 +02:00			`- *albert`
			`- *osaka-linode-01`
Update secrets 2024-07-07 04:29:33 +02:00			`- *frankfurt-linode-01`
update 2024-05-05 11:20:05 +02:00			`- *framework-server`
			`- *backups-rpi4`
Update secrets 2024-07-16 12:44:20 +02:00			`- *warsaw-ovh-01`
update sops.yaml 2023-12-14 02:42:29 +01:00
update 2024-05-07 02:49:50 +02:00			`# Users`
			`- path_regex: secrets\/users\/albert\.yaml$`
			`key_groups:`
Update keys 2024-05-07 09:27:24 +02:00			`- pgp:`
			`- *albert`
			`- *osaka-linode-01`
			`- *milan-linode-01`
update keys 2024-06-24 13:58:31 +02:00			`- *frankfurt-linode-01`
Update keys 2024-05-07 09:27:24 +02:00			`- *nixos-framework`
			`- *framework-server`
			`- *piaware-rpi4`
			`- *backups-rpi4`
			`- *bakersfield-rpi4`
			`- *steamdeck`
Update secrets 2024-07-16 12:44:20 +02:00			`- *warsaw-ovh-01`
update 2024-05-07 02:49:50 +02:00
			`# Containers`
test 2024-03-25 03:53:39 +01:00			`- path_regex: secrets\/containers\/rdesktop\.yaml$`
			`key_groups:`
			`- pgp:`
update 2024-05-05 11:20:05 +02:00			`- *albert`
			`- *framework-server`
tsting 2024-04-25 12:36:23 +02:00
update sops yaml 2024-07-07 05:22:07 +02:00			`# Linode`
Updates 2024-06-23 12:19:59 +02:00			`- path_regex: secrets\/hosts\/frankfurt-linode-01\.yaml$`
			`key_groups:`
			`- pgp:`
			`- *albert`
Update keys 2024-06-24 13:41:03 +02:00			`- *frankfurt-linode-01`
Updates 2024-06-23 12:19:59 +02:00
Updates 2024-03-15 02:27:55 +01:00			`- path_regex: secrets\/hosts\/milan-linode-01\.yaml$`
			`key_groups:`
			`- pgp:`
update 2024-05-05 11:20:05 +02:00			`- *albert`
			`- *milan-linode-01`
Updates 2024-03-15 02:27:55 +01:00
separate configs for every host 2024-01-12 06:49:44 +01:00			`- path_regex: secrets\/hosts\/osaka-linode-01\.yaml$`
			`key_groups:`
			`- pgp:`
update 2024-05-05 11:20:05 +02:00			`- *albert`
			`- *osaka-linode-01`
separate configs for every host 2024-01-12 06:49:44 +01:00
update sops yaml 2024-07-07 05:22:07 +02:00			`# Hosts`
Add warsaw-ovh-01 configs 2024-07-12 07:40:25 +02:00			`- path_regex: secrets\/hosts\/warsaw-ovh-01\.yaml$`
update sops yaml 2024-07-07 05:22:07 +02:00			`key_groups:`
			`- pgp:`
			`- *albert`
Update secrets 2024-07-16 12:44:20 +02:00			`- *warsaw-ovh-01`
update sops yaml 2024-07-07 05:22:07 +02:00
separate configs for every host 2024-01-12 06:49:44 +01:00			`- path_regex: secrets\/hosts\/nixos-framework\.yaml$`
			`key_groups:`
			`- pgp:`
update 2024-05-05 11:20:05 +02:00			`- *albert`
			`- *nixos-framework`
separate configs for every host 2024-01-12 06:49:44 +01:00
			`- path_regex: secrets\/hosts\/framework-server\.yaml$`
			`key_groups:`
			`- pgp:`
update 2024-05-05 11:20:05 +02:00			`- *albert`
			`- *framework-server`
separate configs for every host 2024-01-12 06:49:44 +01:00
			`- path_regex: secrets\/hosts\/piaware-rpi4\.yaml$`
			`key_groups:`
			`- pgp:`
update 2024-05-05 11:20:05 +02:00			`- *albert`
			`- *piaware-rpi4`
separate configs for every host 2024-01-12 06:49:44 +01:00
			`- path_regex: secrets\/hosts\/backups-rpi4\.yaml$`
update sops.yaml 2023-12-14 02:42:29 +01:00			`key_groups:`
			`- pgp:`
update 2024-05-05 11:20:05 +02:00			`- *albert`
			`- *backups-rpi4`
Updating keys 2024-04-25 04:48:42 +02:00
			`- path_regex: secrets\/hosts\/steamdeck\.yaml$`
			`key_groups:`
			`- pgp:`
update 2024-05-05 11:20:05 +02:00			`- *albert`
			`- *steamdeck`
Updating keys 2024-04-25 04:48:42 +02:00
			`- path_regex: secrets\/hosts\/bakersfield-rpi4\.yaml$`
			`key_groups:`
			`- pgp:`
update 2024-05-05 11:20:05 +02:00			`- *albert`
			`- *bakersfield-rpi4`
Testing 2024-04-25 05:06:06 +02:00
			`- path_regex: secrets\/hosts\/quitman-rpi4\.yaml$`
			`key_groups:`
			`- pgp:`
update 2024-05-05 11:20:05 +02:00			`- *albert`
tsting 2024-04-25 12:36:23 +02:00
			`- path_regex: secrets\/hosts\/nixos-desktop\.yaml$`
			`key_groups:`
			`- pgp:`
update 2024-05-05 11:20:05 +02:00			`- *albert`
tsting 2024-04-25 12:36:23 +02:00
Updates 2024-04-25 12:49:16 +02:00			`- path_regex: secrets\/hosts\/nuc-server\.yaml$`
			`key_groups:`
			`- pgp:`
update 2024-05-05 11:20:05 +02:00			`- *albert`
Updates 2024-04-25 12:49:16 +02:00