nix-config/.sops.yaml


# SOPS recipient registry. Every anchor (&name) defined under `keys` is
# referenced by alias (*name) from creation_rules to choose the keys a secrets
# file is encrypted to. Only public material belongs here: PGP fingerprints
# and age public keys.
keys:
# The PGP keys in keys/
# NOTE(review): *admins is a recipient on every rule visible in this listing,
# so each fingerprint in this group can decrypt every secret those rules
# cover. Review the group whenever a maintainer's role changes.
- &admins
  - DD0998E6CDF294537FC604F991FA5E5BF9AA901C # 0xA
  - A5EE826D645DBE35F9B0993358512AE87A69900F # astro
  - 8F79E6CD6434700615867480D11A514F5095BFA8 # dennis
  - 4F9F44A64CC2E438979329E1F122F05437696FCE # poelzi
  - 91EBE87016391323642A6803B966009D57E69CC6 # revol-xut
  - 53B26AEDC08246715E15504B236B6291555E8401 # sandro
  - 4B12EFA69166CA8C23FC47E49CD3A46248B660CA # vv01f
  - A4B0F5A80C2E2448A97BEC25BB829C4DECA6CCB9 # winzlieb
# NOTE(review): no rule visible in this listing references *users. If that
# holds for the whole file, this group grants nothing by itself; confirm, and
# either wire it into a rule or drop it so the list does not suggest access
# that is not actually given.
- &users
  - A5EE826D645DBE35F9B0993358512AE87A69900F # astro
  - 8F79E6CD6434700615867480D11A514F5095BFA8 # dennis
  - 53B26AEDC08246715E15504B236B6291555E8401 # sandro
  - 9580391316684474BFBD41EC3E8C55248C19AF2A # xyrill
# NOTE(review): this personal age key is listed on every creation rule
# visible in this listing, which gives its holder the same read access as the
# PGP admins. Protect and rotate it on the same terms as an admin key.
- &polygon-snowflake age12aukzah0pt2rck52hwn08kezyxueqz2f49ld7hpyuzmu847vavdqkunn5c # polygon
# Generate AGE keys from SSH keys with:
# nix-shell -p ssh-to-age --run 'ssh some.serv.zentralwerk.org cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
#
# The matching private key is derived from the host's SSH private host key,
# so whoever can read /etc/ssh/ssh_host_ed25519_key on a machine can decrypt
# every file encrypted to that machine's entry. Replacing a host key
# (reinstall, rotation) means updating the entry here and re-encrypting the
# affected files with `sops updatekeys`.
# Fetch the public key over a connection whose host key is already verified;
# enrolling a key from an unverified first connection would make whoever
# answered that connection a recipient.
- &activity-relay age1a8k72egc2vg4jn445wwcr0a68y9xu5ft68s2xwehugs5sjawpv4q5nnrmy
- &auth age1y7lxpxskqclwqluft2ct2c3u8weehus6t8evwk7cdnpakxzgcquspn827x
- &blogs age1lccjvj9z8de4hfrdeumm9eu7awef4d9jygv3w7zdash3fhv6e53quy53wz
- &broker age1dj0d0339f4law7qvuzcv2fs6sf8why63s3l8tja0f8vsj7wefcds9drvte
- &buzzrelay age1j2euh5qt4a7cvx0t93uj4n9t8y8tkv9h3nefszc6g2q7t7gvngxswhrve0
- &c3d2-web age18h6vmfduhmj28wxdgur8wugn7scm5vwvwkj5sr4f7nl0czr2zvaqscsdsv
- &caveman age13dl5qjzddaazmquf7zfecru5tr4ld8l8xd7xpmhaqqzmchpua4usswqykd
- &dacbert age1g2ewsxcu5uqlesaznp2qwlcz8w66pxh4qxkul8wu7x8g2hw83saqxynpyk
- &dn42 age1726t33dl7pv3xrxxlafj2sexh7c0jm8pza84yu6l3wpz3fw5dauqxlass3
- &drone age1w6u8zjfya63q9rjfll98eegnfdsvyaspnwn802t2mxh47gt8p30q0kn898
- &freifunk age17rrjtdgzzwgjatyqqv27pftx42t8xhksls46jc3f78juzw4g04vsd7lr7e
- &ftp age1lkr5rkf3z0976g8snmznf755gnexhjkwpzsw8xxwyesqmneawa4qgsqx77
- &gitea age12n5k6c4rxp4mjnexw9uw83yp34sallt44kldupfmxr2xkppj8a8sdsmv8h
- &glotzbert age1zqpep2vgfqeyvtj2jpxczfgrpjffwda429rnuztfp0vpqsrqdq8s8f4yua
- &gnunet age1kk0thtx6mg5cs0gqm4ylc4r8w6klq660s3j04w7m8w0w084yrpcqh3tqwf
- &grafana age1yahhqn2620300n20k68az5lr2u42wdgtjwysgqyr99a4cj52ay0qjw02pl
- &hedgedoc age1jt5pj0c0fvmzg7quaucq4n2rzcx9ajzstp8ruwc8ewjpay5vqfqsdjaal8
- &home-assistant age1l2tld2cttpkj4vpuh9hm4xjwq94rmf8vukjgvdzcvwwtze6k6s6qjf0s5r
- &hydra age1px8sjpcmnz27ayczzu883n0p5ad34vnzj6rl9y2eyye546v0m3dqfqx459
- &jabber age1tnq862ekxepjkes6efr282uj9gtcsqru04s5k0l2enq5djxyt5as0k0c2a
- &knot age1hfzpctkk5tz0ddc86ul9t0nf8c37jtngawepvgxk5rxlvv938vusx4kuc6
- &mail age15t7hj27j6ccs8u7mfz8su3aa74g4dxp4crkgc3c0rs28hct7q4ssgk8zcm
- &mastodon age1dcpd6u4psq3hehjyjrt3s7kzmnvxd20vsc8urjcdv6anr5v7ky2sq9rhtt
- &matemat age15vmz2evhnkn26fyt4vqvgztfrsr2s8qavd2m6zfjmkh84q2g75csnc5kr6
- &matrix age1s2ww76ll6nclz74gny27tk42xfsepl23z2k0849a8jv8xpnmpe3shgunxr
- &mediawiki age1xjvep7hsnfefgxvuwall8nq0486qu8yknhzwhf0cskw5xlpm8qws9txc56
- &mobilizon age182ms3ygypflk7mtpemp4k4ks9rz4gwhvzc9jlk95u4py5q68ppxstzu2e3
- &mucbot age1qen44cx5sx0y299zl93cz3tflx8agt8y9vtm0d4uxw42t9gyecdsw9jade
- &nfsroot age18yxgwpakrkzq8ca2enayf79py25se3d8dsed2q523869re30jcaqx6rjln
# NOTE(review): *nncp is not referenced by any rule visible in this listing;
# confirm whether a rule further down the file uses it.
- &nncp age15853dr2kd6r2329tkcanwnruh6zd2xvsu5twc7gnxeyu3h7t6q5scckaq8
- &oparl age14aq8fscrwkgmu5yv86vj7p7kmxclzs6dp7fpvdhvrnmce83ztphqc4mr9q
- &owncast age1cp9gsuyfu52exk0hr3fvj404v5njhahakzwlugwtneyrs4vgdyaq0sg92f
- &pretalx age1u6xeayzwfdj9l0mg3f4xvjd8e9nemz5psqavauvacjgp2nku95yqc4f29s
- &prometheus age13xhxqulvswuckmpkmy2fgeqd5jx0ar8e2hst33leljt69r6hsvnsrdw63k
- &public-access-proxy age1xcj6peyaf5xvj2673vl9j0z7supwtw7hzuk782zk7gt69k2ykytqe65mg5
- &pulsebert age12hdk2stter0cjexxwx3sqn9wx3vmptkxszvx7knq9zgm9uqzjs7suvkcqu
- &radiobert age1lga6hjmxa95fmtdn3frlmy64ej3hyswxrcuz25qvw0kfsxkqeugs8gjw8q
- &riscbert age148d87gqw59lmst5jv3vynhsu3tv4t4sj49s4lktvnplfcrjq2y5sjcwsu8
- &scrape age1p60rg45qrzpv2hcfzxl8d8k9afkk7dtrhr98cngeyuhlega83ynssmtx5k
- &sdrweb age1makkpv2t74lxmw0nk6m89nespva7j700pmt83pl5a4ldtj2k8fzqakw8h7
- &server10 age15qj8latetnrmgzd7krq02y65kn7lhq2pcwv8cvzej2783u5a9scqs79nmf
- &server8 age12jcu0jtw7m96evxnd0vu6lvsm8uswslrdhxd2u655vjrwhljmqdsptry37
- &server9 age15vrlmtckjf4j242juw7l5e0s6eunn67ejr9acaztnl3tmvwpufrsevntva
- &spaceapi age125k9uyqw5ae5jqkfsak4d6c6rcx9q63ywuusk62pmxdnhwzqxgqq2jsau7
- &storage-ng age1qjvds58pedjdk9rj0yqfvad4xhpteapr9chvfucwcgwrsr8n7axqyhg2vu
- &stream age14h2npkt6m40ewkkaee7zx49redew5rjsjpm70qhka8cwkekmspqqpspy4g
- &ticker age1kdrpaqsy7gdnf80fpq6qrrc98nqjuzzlqx955uk2pkky3xcxky8sw9cdjl
- &vaultwarden age1xs22728ltpl3yh8hzvwt4g3gk8uc32lg8cqh86fp5d8c2jlvp3gshmejun
# Rules are tried top to bottom; the first path_regex that matches the file
# being created selects its recipients. Each rule here holds a single key
# group, so any one listed key (PGP or age) is enough to decrypt.
# Editing a rule does not touch files that are already encrypted: run
# `sops updatekeys <file>` after changing recipients, and rotate the secret
# values themselves when a recipient is removed, because earlier ciphertext
# kept in version control stays readable to the removed key.
creation_rules:
# Shared backup secrets.
# NOTE(review): every host key listed below can read this file, so whatever
# it holds is exposed if any one of those machines is compromised. Confirm
# that the contents are meant to be shared this widely.
- path_regex: modules/backup\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *activity-relay
    - *auth
    - *blogs
    - *buzzrelay
    - *caveman
    - *drone
    - *gitea
    - *grafana
    - *hedgedoc
    - *home-assistant
    - *hydra
    - *jabber
    - *mail
    - *mastodon
    - *matemat
    - *matrix
    - *mediawiki
    - *mobilizon
    - *owncast
    - *pretalx
    - *sdrweb
    - *ticker
    - *vaultwarden
    - *polygon-snowflake
# Cluster secrets, readable by hydra and server8/9/10 in addition to the
# admins and polygon-snowflake. `[^/]+` limits the match to files directly
# inside modules/cluster/; files in nested directories do not match this rule.
- path_regex: modules/cluster/[^/]+\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *hydra
    - *server8
    - *server9
    - *server10
    - *polygon-snowflake
# Files directly under config/ are encrypted to the widest recipient set in
# this listing: the admins, polygon-snowflake and every host key below.
# NOTE(review): one compromised machine from this list exposes everything
# stored under config/, so secrets that only one service needs are better
# kept in that host's own hosts/<name>/secrets.yaml.
# NOTE(review): the pattern has no leading `^`, so any path that ends in
# `config/<file>.yaml` matches, including deeper directories; because this
# rule precedes the per-host rules it would win for such a path. Confirm the
# repository layout makes that impossible.
- path_regex: config/[^/]+\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *polygon-snowflake
    - *auth
    - *blogs
    - *broker
    - *buzzrelay
    - *c3d2-web
    - *dacbert
    - *dn42
    - *freifunk
    - *ftp
    - *gitea
    - *glotzbert
    - *gnunet
    - *grafana
    - *hedgedoc
    - *hydra
    - *jabber
    - *knot
    - *mail
    - *mastodon
    - *matemat
    - *matrix
    - *mediawiki
    - *mucbot
    - *nfsroot
    - *oparl
    - *pretalx
    - *prometheus
    - *public-access-proxy
    - *pulsebert
    - *radiobert
    - *riscbert
    - *scrape
    - *sdrweb
    - *server8
    - *server9
    - *server10
    - *spaceapi
    - *storage-ng
    - *stream
    - *ticker
    - *vaultwarden
# Per-host secrets: each hosts/<name>/secrets.yaml below is encrypted to the
# admins, to that host's own age key and to polygon-snowflake. Under these
# rules a host key is not a recipient of any other host's secrets file.
- path_regex: hosts/activity-relay/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *activity-relay
    - *polygon-snowflake
- path_regex: hosts/auth/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *auth
    - *polygon-snowflake
- path_regex: hosts/knot/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *knot
    - *polygon-snowflake
- path_regex: hosts/blogs/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *blogs
    - *polygon-snowflake
- path_regex: hosts/broker/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *broker
    - *polygon-snowflake
- path_regex: hosts/buzzrelay/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *buzzrelay
    - *polygon-snowflake
- path_regex: hosts/c3d2-web/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *c3d2-web
    - *polygon-snowflake
- path_regex: hosts/caveman/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *caveman
    - *polygon-snowflake
- path_regex: hosts/dacbert/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *dacbert
    - *polygon-snowflake
- path_regex: hosts/dn42/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *dn42
    - *polygon-snowflake
- path_regex: hosts/drone/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *drone
    - *polygon-snowflake
- path_regex: hosts/freifunk/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *freifunk
    - *polygon-snowflake
- path_regex: hosts/gitea/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *gitea
    - *polygon-snowflake
- path_regex: hosts/glotzbert/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *glotzbert
    - *polygon-snowflake
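# Per-host secrets for grafana, hedgedoc and home-assistant, each encrypted
# to the admins, the host's own age key and polygon-snowflake.
# The three patterns were corrected from `secrets+\.yaml$`: the `+` made the
# final `s` repeatable, so names such as `secretss.yaml` matched as well. They
# now match `secrets.yaml` only, like the other per-host rules in this file.
- path_regex: hosts/grafana/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *grafana
    - *polygon-snowflake
- path_regex: hosts/hedgedoc/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *hedgedoc
    - *polygon-snowflake
- path_regex: hosts/home-assistant/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *home-assistant
    - *polygon-snowflake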
# Per-host rules, one per machine: the file hosts/<name>/secrets.yaml is
# readable by the admins, by the named host's age key and by
# polygon-snowflake. When a host is retired, remove its rule and key and
# rotate the secrets it could read.
- path_regex: hosts/hydra/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *hydra
    - *polygon-snowflake
- path_regex: hosts/jabber/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *jabber
    - *polygon-snowflake
- path_regex: hosts/mail/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *mail
    - *polygon-snowflake
- path_regex: hosts/mastodon/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *mastodon
    - *polygon-snowflake
- path_regex: hosts/matemat/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *matemat
    - *polygon-snowflake
- path_regex: hosts/matrix/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *matrix
    - *polygon-snowflake
- path_regex: hosts/mediawiki/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *mediawiki
    - *polygon-snowflake
- path_regex: hosts/mobilizon/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *mobilizon
    - *polygon-snowflake
- path_regex: hosts/mucbot/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *mucbot
    - *polygon-snowflake
- path_regex: hosts/oparl/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *oparl
    - *polygon-snowflake
- path_regex: hosts/owncast/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *owncast
    - *polygon-snowflake
- path_regex: hosts/pretalx/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *pretalx
    - *polygon-snowflake
- path_regex: hosts/sdrweb/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *sdrweb
    - *polygon-snowflake
- path_regex: hosts/radiobert/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *radiobert
    - *polygon-snowflake
- path_regex: hosts/scrape/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *scrape
    - *polygon-snowflake
- path_regex: hosts/server8/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *server8
    - *polygon-snowflake
- path_regex: hosts/server9/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *server9
    - *polygon-snowflake
- path_regex: hosts/server10/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *server10
    - *polygon-snowflake
- path_regex: hosts/storage-ng/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *storage-ng
    - *polygon-snowflake
- path_regex: hosts/ticker/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *ticker
    - *polygon-snowflake
- path_regex: hosts/prometheus/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *prometheus
    - *polygon-snowflake
- path_regex: hosts/stream/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *stream
    - *polygon-snowflake
- path_regex: hosts/vaultwarden/secrets\.yaml$
  key_groups:
  - pgp: *admins
    age:
    - *vaultwarden
    - *polygon-snowflake