keys: # The PGP keys in keys/ - &admins - DD0998E6CDF294537FC604F991FA5E5BF9AA901C # 0xA - A5EE826D645DBE35F9B0993358512AE87A69900F # astro - 8F79E6CD6434700615867480D11A514F5095BFA8 # dennis - 4F9F44A64CC2E438979329E1F122F05437696FCE # poelzi - 91EBE87016391323642A6803B966009D57E69CC6 # revol-xut - 53B26AEDC08246715E15504B236B6291555E8401 # sandro - 4B12EFA69166CA8C23FC47E49CD3A46248B660CA # vv01f - A4B0F5A80C2E2448A97BEC25BB829C4DECA6CCB9 # winzlieb - &users - A5EE826D645DBE35F9B0993358512AE87A69900F # astro - 8F79E6CD6434700615867480D11A514F5095BFA8 # dennis - 53B26AEDC08246715E15504B236B6291555E8401 # sandro - 9580391316684474BFBD41EC3E8C55248C19AF2A # xyrill - &polygon-snowflake age12aukzah0pt2rck52hwn08kezyxueqz2f49ld7hpyuzmu847vavdqkunn5c # polygon # Generate AGE keys from SSH keys with: # nix-shell -p ssh-to-age --run 'ssh some.serv.zentralwerk.org cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age' - &activity-relay age1a8k72egc2vg4jn445wwcr0a68y9xu5ft68s2xwehugs5sjawpv4q5nnrmy - &auth age1y7lxpxskqclwqluft2ct2c3u8weehus6t8evwk7cdnpakxzgcquspn827x - &blogs age1lccjvj9z8de4hfrdeumm9eu7awef4d9jygv3w7zdash3fhv6e53quy53wz - &broker age1dj0d0339f4law7qvuzcv2fs6sf8why63s3l8tja0f8vsj7wefcds9drvte - &buzzrelay age1j2euh5qt4a7cvx0t93uj4n9t8y8tkv9h3nefszc6g2q7t7gvngxswhrve0 - &c3d2-web age18h6vmfduhmj28wxdgur8wugn7scm5vwvwkj5sr4f7nl0czr2zvaqscsdsv - &caveman age13dl5qjzddaazmquf7zfecru5tr4ld8l8xd7xpmhaqqzmchpua4usswqykd - &dacbert age1g2ewsxcu5uqlesaznp2qwlcz8w66pxh4qxkul8wu7x8g2hw83saqxynpyk - &dn42 age1726t33dl7pv3xrxxlafj2sexh7c0jm8pza84yu6l3wpz3fw5dauqxlass3 - &drone age1w6u8zjfya63q9rjfll98eegnfdsvyaspnwn802t2mxh47gt8p30q0kn898 - &freifunk age17rrjtdgzzwgjatyqqv27pftx42t8xhksls46jc3f78juzw4g04vsd7lr7e - &ftp age1lkr5rkf3z0976g8snmznf755gnexhjkwpzsw8xxwyesqmneawa4qgsqx77 - &gitea age12n5k6c4rxp4mjnexw9uw83yp34sallt44kldupfmxr2xkppj8a8sdsmv8h - &glotzbert age1zqpep2vgfqeyvtj2jpxczfgrpjffwda429rnuztfp0vpqsrqdq8s8f4yua - &gnunet age1kk0thtx6mg5cs0gqm4ylc4r8w6klq660s3j04w7m8w0w084yrpcqh3tqwf - &grafana age1yahhqn2620300n20k68az5lr2u42wdgtjwysgqyr99a4cj52ay0qjw02pl - &hedgedoc age1jt5pj0c0fvmzg7quaucq4n2rzcx9ajzstp8ruwc8ewjpay5vqfqsdjaal8 - &home-assistant age1l2tld2cttpkj4vpuh9hm4xjwq94rmf8vukjgvdzcvwwtze6k6s6qjf0s5r - &hydra age1px8sjpcmnz27ayczzu883n0p5ad34vnzj6rl9y2eyye546v0m3dqfqx459 - &jabber age1tnq862ekxepjkes6efr282uj9gtcsqru04s5k0l2enq5djxyt5as0k0c2a - &knot age1hfzpctkk5tz0ddc86ul9t0nf8c37jtngawepvgxk5rxlvv938vusx4kuc6 - &mail age15t7hj27j6ccs8u7mfz8su3aa74g4dxp4crkgc3c0rs28hct7q4ssgk8zcm - &mastodon age1dcpd6u4psq3hehjyjrt3s7kzmnvxd20vsc8urjcdv6anr5v7ky2sq9rhtt - &matemat age15vmz2evhnkn26fyt4vqvgztfrsr2s8qavd2m6zfjmkh84q2g75csnc5kr6 - &matrix age1s2ww76ll6nclz74gny27tk42xfsepl23z2k0849a8jv8xpnmpe3shgunxr - &mediawiki age1xjvep7hsnfefgxvuwall8nq0486qu8yknhzwhf0cskw5xlpm8qws9txc56 - &mobilizon age182ms3ygypflk7mtpemp4k4ks9rz4gwhvzc9jlk95u4py5q68ppxstzu2e3 - &mucbot age1qen44cx5sx0y299zl93cz3tflx8agt8y9vtm0d4uxw42t9gyecdsw9jade - &nfsroot age18yxgwpakrkzq8ca2enayf79py25se3d8dsed2q523869re30jcaqx6rjln - &nncp age15853dr2kd6r2329tkcanwnruh6zd2xvsu5twc7gnxeyu3h7t6q5scckaq8 - &oparl age14aq8fscrwkgmu5yv86vj7p7kmxclzs6dp7fpvdhvrnmce83ztphqc4mr9q - &owncast age1cp9gsuyfu52exk0hr3fvj404v5njhahakzwlugwtneyrs4vgdyaq0sg92f - &pretalx age1u6xeayzwfdj9l0mg3f4xvjd8e9nemz5psqavauvacjgp2nku95yqc4f29s - &prometheus age13xhxqulvswuckmpkmy2fgeqd5jx0ar8e2hst33leljt69r6hsvnsrdw63k - &public-access-proxy age1xcj6peyaf5xvj2673vl9j0z7supwtw7hzuk782zk7gt69k2ykytqe65mg5 - &pulsebert age12hdk2stter0cjexxwx3sqn9wx3vmptkxszvx7knq9zgm9uqzjs7suvkcqu - &radiobert age1lga6hjmxa95fmtdn3frlmy64ej3hyswxrcuz25qvw0kfsxkqeugs8gjw8q - &riscbert age148d87gqw59lmst5jv3vynhsu3tv4t4sj49s4lktvnplfcrjq2y5sjcwsu8 - &scrape age1p60rg45qrzpv2hcfzxl8d8k9afkk7dtrhr98cngeyuhlega83ynssmtx5k - &sdrweb age1makkpv2t74lxmw0nk6m89nespva7j700pmt83pl5a4ldtj2k8fzqakw8h7 - &server10 age15qj8latetnrmgzd7krq02y65kn7lhq2pcwv8cvzej2783u5a9scqs79nmf - &server8 age12jcu0jtw7m96evxnd0vu6lvsm8uswslrdhxd2u655vjrwhljmqdsptry37 - &server9 age15vrlmtckjf4j242juw7l5e0s6eunn67ejr9acaztnl3tmvwpufrsevntva - &spaceapi age125k9uyqw5ae5jqkfsak4d6c6rcx9q63ywuusk62pmxdnhwzqxgqq2jsau7 - &storage-ng age1qjvds58pedjdk9rj0yqfvad4xhpteapr9chvfucwcgwrsr8n7axqyhg2vu - &stream age14h2npkt6m40ewkkaee7zx49redew5rjsjpm70qhka8cwkekmspqqpspy4g - &ticker age1kdrpaqsy7gdnf80fpq6qrrc98nqjuzzlqx955uk2pkky3xcxky8sw9cdjl - &vaultwarden age1xs22728ltpl3yh8hzvwt4g3gk8uc32lg8cqh86fp5d8c2jlvp3gshmejun creation_rules: - path_regex: modules/backup\.yaml$ key_groups: - pgp: *admins age: - *activity-relay - *auth - *blogs - *buzzrelay - *caveman - *drone - *gitea - *grafana - *hedgedoc - *home-assistant - *hydra - *jabber - *mail - *mastodon - *matemat - *matrix - *mediawiki - *mobilizon - *owncast - *pretalx - *sdrweb - *ticker - *vaultwarden - *polygon-snowflake - path_regex: modules/cluster/[^/]+\.yaml$ key_groups: - pgp: *admins age: - *hydra - *server8 - *server9 - *server10 - *polygon-snowflake - path_regex: config/[^/]+\.yaml$ key_groups: - pgp: *admins age: - *polygon-snowflake - *auth - *blogs - *broker - *buzzrelay - *c3d2-web - *dacbert - *dn42 - *freifunk - *ftp - *gitea - *glotzbert - *gnunet - *grafana - *hedgedoc - *hydra - *jabber - *knot - *mail - *mastodon - *matemat - *matrix - *mediawiki - *mucbot - *nfsroot - *oparl - *pretalx - *prometheus - *public-access-proxy - *pulsebert - *radiobert - *riscbert - *scrape - *sdrweb - *server8 - *server9 - *server10 - *spaceapi - *storage-ng - *stream - *ticker - *vaultwarden - path_regex: hosts/activity-relay/secrets\.yaml$ key_groups: - pgp: *admins age: - *activity-relay - *polygon-snowflake - path_regex: hosts/auth/secrets\.yaml$ key_groups: - pgp: *admins age: - *auth - *polygon-snowflake - path_regex: hosts/knot/secrets\.yaml$ key_groups: - pgp: *admins age: - *knot - *polygon-snowflake - path_regex: hosts/blogs/secrets\.yaml$ key_groups: - pgp: *admins age: - *blogs - *polygon-snowflake - path_regex: hosts/broker/secrets\.yaml$ key_groups: - pgp: *admins age: - *broker - *polygon-snowflake - path_regex: hosts/buzzrelay/secrets\.yaml$ key_groups: - pgp: *admins age: - *buzzrelay - *polygon-snowflake - path_regex: hosts/c3d2-web/secrets\.yaml$ key_groups: - pgp: *admins age: - *c3d2-web - *polygon-snowflake - path_regex: hosts/caveman/secrets\.yaml$ key_groups: - pgp: *admins age: - *caveman - *polygon-snowflake - path_regex: hosts/dacbert/secrets\.yaml$ key_groups: - pgp: *admins age: - *dacbert - *polygon-snowflake - path_regex: hosts/dn42/secrets\.yaml$ key_groups: - pgp: *admins age: - *dn42 - *polygon-snowflake - path_regex: hosts/drone/secrets\.yaml$ key_groups: - pgp: *admins age: - *drone - *polygon-snowflake - path_regex: hosts/freifunk/secrets\.yaml$ key_groups: - pgp: *admins age: - *freifunk - *polygon-snowflake - path_regex: hosts/gitea/secrets\.yaml$ key_groups: - pgp: *admins age: - *gitea - *polygon-snowflake - path_regex: hosts/glotzbert/secrets\.yaml$ key_groups: - pgp: *admins age: - *glotzbert - *polygon-snowflake - path_regex: hosts/grafana/secrets+\.yaml$ key_groups: - pgp: *admins age: - *grafana - *polygon-snowflake - path_regex: hosts/hedgedoc/secrets+\.yaml$ key_groups: - pgp: *admins age: - *hedgedoc - *polygon-snowflake - path_regex: hosts/home-assistant/secrets+\.yaml$ key_groups: - pgp: *admins age: - *home-assistant - *polygon-snowflake - path_regex: hosts/hydra/secrets\.yaml$ key_groups: - pgp: *admins age: - *hydra - *polygon-snowflake - path_regex: hosts/jabber/secrets\.yaml$ key_groups: - pgp: *admins age: - *jabber - *polygon-snowflake - path_regex: hosts/mail/secrets\.yaml$ key_groups: - pgp: *admins age: - *mail - *polygon-snowflake - path_regex: hosts/mastodon/secrets\.yaml$ key_groups: - pgp: *admins age: - *mastodon - *polygon-snowflake - path_regex: hosts/matemat/secrets\.yaml$ key_groups: - pgp: *admins age: - *matemat - *polygon-snowflake - path_regex: hosts/matrix/secrets\.yaml$ key_groups: - pgp: *admins age: - *matrix - *polygon-snowflake - path_regex: hosts/mediawiki/secrets\.yaml$ key_groups: - pgp: *admins age: - *mediawiki - *polygon-snowflake - path_regex: hosts/mobilizon/secrets\.yaml$ key_groups: - pgp: *admins age: - *mobilizon - *polygon-snowflake - path_regex: hosts/mucbot/secrets\.yaml$ key_groups: - pgp: *admins age: - *mucbot - *polygon-snowflake - path_regex: hosts/oparl/secrets\.yaml$ key_groups: - pgp: *admins age: - *oparl - *polygon-snowflake - path_regex: hosts/owncast/secrets\.yaml$ key_groups: - pgp: *admins age: - *owncast - *polygon-snowflake - path_regex: hosts/pretalx/secrets\.yaml$ key_groups: - pgp: *admins age: - *pretalx - *polygon-snowflake - path_regex: hosts/sdrweb/secrets\.yaml$ key_groups: - pgp: *admins age: - *sdrweb - *polygon-snowflake - path_regex: hosts/radiobert/secrets\.yaml$ key_groups: - pgp: *admins age: - *radiobert - *polygon-snowflake - path_regex: hosts/scrape/secrets\.yaml$ key_groups: - pgp: *admins age: - *scrape - *polygon-snowflake - path_regex: hosts/server8/secrets\.yaml$ key_groups: - pgp: *admins age: - *server8 - *polygon-snowflake - path_regex: hosts/server9/secrets\.yaml$ key_groups: - pgp: *admins age: - *server9 - *polygon-snowflake - path_regex: hosts/server10/secrets\.yaml$ key_groups: - pgp: *admins age: - *server10 - *polygon-snowflake - path_regex: hosts/storage-ng/secrets\.yaml$ key_groups: - pgp: *admins age: - *storage-ng - *polygon-snowflake - path_regex: hosts/ticker/secrets\.yaml$ key_groups: - pgp: *admins age: - *ticker - *polygon-snowflake - path_regex: hosts/prometheus/secrets\.yaml$ key_groups: - pgp: *admins age: - *prometheus - *polygon-snowflake - path_regex: hosts/stream/secrets\.yaml$ key_groups: - pgp: *admins age: - *stream - *polygon-snowflake - path_regex: hosts/vaultwarden/secrets\.yaml$ key_groups: - pgp: *admins age: - *vaultwarden - *polygon-snowflake