nix/.sops.yaml

# Recipient catalogue. Each anchor (&name) binds a label to one PGP
# fingerprint; the rules under creation_rules pull them in by alias (*name).
# NOTE(review): sops presumably acts only on creation_rules and this section
# exists just to hold the anchors - confirm against the sops version in use.
keys:
  # NOTE(review): how "&users:" / "&hosts:" parse (colon as part of the anchor
  # name vs. start of a nested mapping) is parser-dependent. Neither anchor is
  # aliased anywhere in this file, so they only act as group labels.
  - &users:
      # Operator key, given as a full 40-hex-digit fingerprint. It appears in
      # every creation rule, so it can decrypt every secret file; protect and
      # back up the private key accordingly.
      - &albert 4A89D6B44B7E423B647C7AE848FBC3335A26DED6
  - &hosts:
      # One fingerprint per machine. A host can decrypt exactly the files
      # whose rule lists its alias, so whoever can read that host's private
      # key can read those files too.
      # NOTE(review): presumably derived from each host's SSH key (e.g. with
      # ssh-to-pgp) - confirm, and verify every fingerprint against the host
      # itself before trusting it here.
      - &nixos-framework aaec681e4fb9dcdd15d0d367a86615d17653d819
      - &steamdeck d01f806e6f0909dc470a676b6fe398ca0043ab53
      - &framework-server dfd3a496aba156fa521e82ada77d68dc727cf52b
      - &osaka-linode-01 5f548d87ab2b8a4d48d80da3f2ff8352998da7fa
      - &milan-linode-01 264f9137377eda3b95c82c86cebd6d17984b8d4e
      - &piaware-rpi4 4216b645667670a6130bb95a72a56f8269cd0818
      - &backups-rpi4 8b37122bb46dc98c208002d65e94778ecd94bd4e
      - &bakersfield-rpi4 c93d5c2da5efe4ba4103c8f571faa392f202eed4
      # Placeholders: these three anchors carry no fingerprint, so each one
      # resolves to an empty (null) value. No rule aliases them yet; the
      # matching host rules list only *albert. Fill in the fingerprint before
      # adding the alias to any rule.
      - &quitman-rpi4
      - &nixos-desktop
      - &nuc-server
# Maps secret file paths to the PGP recipients sops encrypts them for.
# - Rules are tried top to bottom and the first matching path_regex wins, so
#   order matters if two patterns ever overlap.
# - Every pattern ends in "$" but has no leading "^": it matches any path
#   that ends with the given suffix.
# - Each rule has exactly one key group, so any single listed key can decrypt
#   the file on its own; there is no multi-party threshold.
# - There is no catch-all rule: sops will not create a file whose path
#   matches none of these patterns.
# - Changing a recipient list does not touch files that are already
#   encrypted; re-key them with `sops updatekeys <file>`. Removing a
#   recipient does not revoke what that key could already decrypt (including
#   old revisions in version control), so rotate the secret values as well.
creation_rules:
  # Shared: files with more than one host recipient.
  # Readable by the operator key and nixos-framework only.
  - path_regex: secrets\/yubikey\.yaml$
    key_groups:
      - pgp:
          - *albert
          - *nixos-framework
  # Widest audience in the file: the operator plus all eight hosts that have
  # a fingerprint. Compromise of any one of those keys exposes everything
  # stored here, so keep only values that every host really needs.
  - path_regex: secrets\/secrets\.yaml$
    key_groups:
      - pgp:
          - *albert
          - *osaka-linode-01
          - *milan-linode-01
          - *nixos-framework
          - *framework-server
          - *piaware-rpi4
          - *backups-rpi4
          - *bakersfield-rpi4
          - *steamdeck
  # Limited to the operator and three hosts.
  - path_regex: secrets\/wireguard\.yaml$
    key_groups:
      - pgp:
          - *albert
          - *osaka-linode-01
          - *framework-server
          - *backups-rpi4
  # Users
  # Same recipient set as secrets/secrets.yaml: every host with a fingerprint
  # can decrypt this user's secrets.
  - path_regex: secrets\/users\/albert\.yaml$
    key_groups:
      - pgp:
          - *albert
          - *osaka-linode-01
          - *milan-linode-01
          - *nixos-framework
          - *framework-server
          - *piaware-rpi4
          - *backups-rpi4
          - *bakersfield-rpi4
          - *steamdeck
  # Containers
  # Readable by the operator and framework-server only.
  - path_regex: secrets\/containers\/rdesktop\.yaml$
    key_groups:
      - pgp:
          - *albert
          - *framework-server
  # Machines
  # Per-host files: each is encrypted to the operator and, where a
  # fingerprint exists, to that one host, so a compromised host exposes only
  # its own file from this group.
  - path_regex: secrets\/hosts\/milan-linode-01\.yaml$
    key_groups:
      - pgp:
          - *albert
          - *milan-linode-01
  - path_regex: secrets\/hosts\/osaka-linode-01\.yaml$
    key_groups:
      - pgp:
          - *albert
          - *osaka-linode-01
  - path_regex: secrets\/hosts\/nixos-framework\.yaml$
    key_groups:
      - pgp:
          - *albert
          - *nixos-framework
  - path_regex: secrets\/hosts\/framework-server\.yaml$
    key_groups:
      - pgp:
          - *albert
          - *framework-server
  - path_regex: secrets\/hosts\/piaware-rpi4\.yaml$
    key_groups:
      - pgp:
          - *albert
          - *piaware-rpi4
  - path_regex: secrets\/hosts\/backups-rpi4\.yaml$
    key_groups:
      - pgp:
          - *albert
          - *backups-rpi4
  - path_regex: secrets\/hosts\/steamdeck\.yaml$
    key_groups:
      - pgp:
          - *albert
          - *steamdeck
  - path_regex: secrets\/hosts\/bakersfield-rpi4\.yaml$
    key_groups:
      - pgp:
          - *albert
          - *bakersfield-rpi4
  # The remaining three hosts have no fingerprint under keys yet, so their
  # files are encrypted to the operator key alone. The host itself cannot
  # decrypt its file until its key is added here and the file is re-keyed.
  - path_regex: secrets\/hosts\/quitman-rpi4\.yaml$
    key_groups:
      - pgp:
          - *albert
  - path_regex: secrets\/hosts\/nixos-desktop\.yaml$
    key_groups:
      - pgp:
          - *albert
  - path_regex: secrets\/hosts\/nuc-server\.yaml$
    key_groups:
      - pgp:
          - *albert