nix-config/.sops.yaml


keys:
  # Recipients that creation_rules refers to by anchor.
  #
  # Admin PGP fingerprints (the PGP keys in keys/). Every rule in this file
  # lists *admins, so each active fingerprint can decrypt every secret file
  # the rules cover.
  # Commenting a fingerprint out only stops new encryptions to it: files that
  # were already encrypted keep that recipient until `sops updatekeys` is run
  # on them, and any secret the former holder could read should be rotated.
  - &admins
    - 'A5EE826D645DBE35F9B0993358512AE87A69900F'  # astro
    #- 270DAEB0EC5A129CE1F38E2FCB5009A2DB4C5190 # blastmaster
    - 'D4E89C6A0A58EE803EF708EFA9B23715F7AA3F1A'  # deployer
    #- 844267BA729E32B3329B9DBF59E238FC65F349F2 # eri
    - 'A4B0F5A80C2E2448A97BEC25BB829C4DECA6CCB9'  # winzlieb
    #- 9580391316684474BFBD41EC3E8C55248C19AF2A # xyrill
    - '4F9F44A64CC2E438979329E1F122F05437696FCE'  # poelzi
    #- B2918084D9BA194C66AE78769E5D7AAA5B6B2D79 # schmittlauch?
    - '4B12EFA69166CA8C23FC47E49CD3A46248B660CA'  # vv01f
    - '9EA68B7F21204979645182E4287B083353C3241C'  # j03
    - '53B26AEDC08246715E15504B236B6291555E8401'  # sandro
    - '91EBE87016391323642A6803B966009D57E69CC6'  # revol-xut
  # age key labelled polygon (presumably a person's key rather than a host;
  # confirm). Every rule lists it, so it has the same reach as the admin keys.
  - &polygon-snowflake age12aukzah0pt2rck52hwn08kezyxueqz2f49ld7hpyuzmu847vavdqkunn5c  # polygon
  # Host recipients. Generate AGE keys from SSH keys with:
  #   nix shell nixpkgs#ssh-to-age
  #   ssh-to-age < /etc/ssh/ssh_host_ed25519_key.pub
  # The matching private identity is the host's SSH host key, so anyone who
  # can read that key on the host can decrypt whatever is encrypted to it.
  # If a host key is regenerated, replace the recipient here and re-run
  # `sops updatekeys` on the affected files.
  - &auth age1y7lxpxskqclwqluft2ct2c3u8weehus6t8evwk7cdnpakxzgcquspn827x
  - &bind age1hfzpctkk5tz0ddc86ul9t0nf8c37jtngawepvgxk5rxlvv938vusx4kuc6
  - &blogs age1lccjvj9z8de4hfrdeumm9eu7awef4d9jygv3w7zdash3fhv6e53quy53wz
  - &broker age1dj0d0339f4law7qvuzcv2fs6sf8why63s3l8tja0f8vsj7wefcds9drvte
  - &buzzrelay age1j2euh5qt4a7cvx0t93uj4n9t8y8tkv9h3nefszc6g2q7t7gvngxswhrve0
  - &c3d2-web age18h6vmfduhmj28wxdgur8wugn7scm5vwvwkj5sr4f7nl0czr2zvaqscsdsv
  - &dacbert age1hg0mmua5y82ct7l6q9gpc8w940ce5seqcjhm4dgx7tlzvflznyas7v3hf4
  - &direkthilfe age1qe8wvy8kdmfdxh505apkqnnquqgtvykd6x6qlxmzqp93cv6wjy4qlu5mpj
  - &dn42 age1726t33dl7pv3xrxxlafj2sexh7c0jm8pza84yu6l3wpz3fw5dauqxlass3
  - &factorio age1av4ww0zzyas0egzwkpdaj4crwz3vwnhpq0nfez2zad4me38zss7sjz5kw2
  - &freifunk age17rrjtdgzzwgjatyqqv27pftx42t8xhksls46jc3f78juzw4g04vsd7lr7e
  - &ftp age1lkr5rkf3z0976g8snmznf755gnexhjkwpzsw8xxwyesqmneawa4qgsqx77
  - &gitea age12n5k6c4rxp4mjnexw9uw83yp34sallt44kldupfmxr2xkppj8a8sdsmv8h
  - &glotzbert age1zqpep2vgfqeyvtj2jpxczfgrpjffwda429rnuztfp0vpqsrqdq8s8f4yua
  - &gnunet age1kk0thtx6mg5cs0gqm4ylc4r8w6klq660s3j04w7m8w0w084yrpcqh3tqwf
  - &grafana age1yahhqn2620300n20k68az5lr2u42wdgtjwysgqyr99a4cj52ay0qjw02pl
  - &hedgedoc age1jt5pj0c0fvmzg7quaucq4n2rzcx9ajzstp8ruwc8ewjpay5vqfqsdjaal8
  - &hydra age1px8sjpcmnz27ayczzu883n0p5ad34vnzj6rl9y2eyye546v0m3dqfqx459
  - &jabber age1tnq862ekxepjkes6efr282uj9gtcsqru04s5k0l2enq5djxyt5as0k0c2a
  - &kibana age15nj7xkv7nrewxam4cd0uw6glxeh9xmq46lu4zdnq23trqch4pufqm9phq6
  - &leon age1cm0cjk2764s4pv5g7e67as34g9xtcltex96ga87wckndw62wqqlsvkscqc
  - &leoncloud age1aw9s4kcd6ys64ddzzfya9ajzln2tv8pm9uvz6d85v0r6eq4dudqq5vts86
  - &mailtngbert age1jr5mc4ekmjf4uk2ue4xcuy0yl202phlu2t6c544qfj45ahzag56s4d0kzj
  - &mastodon age1dcpd6u4psq3hehjyjrt3s7kzmnvxd20vsc8urjcdv6anr5v7ky2sq9rhtt
  - &matemat age15vmz2evhnkn26fyt4vqvgztfrsr2s8qavd2m6zfjmkh84q2g75csnc5kr6
  - &mediawiki age1xjvep7hsnfefgxvuwall8nq0486qu8yknhzwhf0cskw5xlpm8qws9txc56
  - &mucbot age1cqeh03zq0hvz5l78r678q93ey5mlw49lqy4whvgqxgenudth7g6skee6kh
  - &nfsroot age18yxgwpakrkzq8ca2enayf79py25se3d8dsed2q523869re30jcaqx6rjln
  - &nncp age15853dr2kd6r2329tkcanwnruh6zd2xvsu5twc7gnxeyu3h7t6q5scckaq8
  - &oparl age14aq8fscrwkgmu5yv86vj7p7kmxclzs6dp7fpvdhvrnmce83ztphqc4mr9q
  - &public-access-proxy age1xcj6peyaf5xvj2673vl9j0z7supwtw7hzuk782zk7gt69k2ykytqe65mg5
  - &pulsebert age12hdk2stter0cjexxwx3sqn9wx3vmptkxszvx7knq9zgm9uqzjs7suvkcqu
  - &radiobert age1lga6hjmxa95fmtdn3frlmy64ej3hyswxrcuz25qvw0kfsxkqeugs8gjw8q
  - &riscbert age148d87gqw59lmst5jv3vynhsu3tv4t4sj49s4lktvnplfcrjq2y5sjcwsu8
  - &scrape age1p60rg45qrzpv2hcfzxl8d8k9afkk7dtrhr98cngeyuhlega83ynssmtx5k
  - &sdrweb age1makkpv2t74lxmw0nk6m89nespva7j700pmt83pl5a4ldtj2k8fzqakw8h7
  - &server9 age15vrlmtckjf4j242juw7l5e0s6eunn67ejr9acaztnl3tmvwpufrsevntva
  - &server10 age15qj8latetnrmgzd7krq02y65kn7lhq2pcwv8cvzej2783u5a9scqs79nmf
  - &spaceapi age125k9uyqw5ae5jqkfsak4d6c6rcx9q63ywuusk62pmxdnhwzqxgqq2jsau7
  - &stream age1j5csp5v5s2g8am47dd85kcke8986e0qc88f0vfgd3kmvwu8azg3smslk92
  - &storage-ng age1qjvds58pedjdk9rj0yqfvad4xhpteapr9chvfucwcgwrsr8n7axqyhg2vu
  - &ticker age1kdrpaqsy7gdnf80fpq6qrrc98nqjuzzlqx955uk2pkky3xcxky8sw9cdjl
  - &prometheus age13xhxqulvswuckmpkmy2fgeqd5jx0ar8e2hst33leljt69r6hsvnsrdw63k
creation_rules:
  # sops applies the first rule whose path_regex matches, so order matters.
  # The patterns are anchored only at the end ($): any path that ends in the
  # given suffix matches, e.g. some/dir/config/x.yaml also falls under the
  # first rule. Each rule has a single key group, so any one listed recipient
  # can decrypt on its own.
  #
  # Shared secrets: encrypted to the admins and to every host key listed
  # below, so a compromise of any one of these hosts exposes everything under
  # config/. Keep host-specific secrets in hosts/<name>/ instead.
  # NOTE(review): &nncp is defined under keys but is not a recipient here (nor
  # in any other rule in this file); confirm that is intended.
  - path_regex: 'config/[^/]+\.yaml$'
    key_groups:
      - pgp: *admins
        age:
          - *polygon-snowflake
          - *auth
          - *bind
          - *blogs
          - *broker
          - *buzzrelay
          - *c3d2-web
          - *dacbert
          - *direkthilfe
          - *dn42
          - *factorio
          - *freifunk
          - *ftp
          - *gitea
          - *glotzbert
          - *gnunet
          - *grafana
          - *hedgedoc
          - *hydra
          - *jabber
          - *kibana
          - *leon
          - *leoncloud
          - *mailtngbert
          - *mastodon
          - *matemat
          - *mediawiki
          - *mucbot
          - *nfsroot
          - *oparl
          - *prometheus
          - *public-access-proxy
          - *pulsebert
          - *radiobert
          - *riscbert
          - *scrape
          - *sdrweb
          - *server9
          - *server10
          - *spaceapi
          - *stream
          - *storage-ng
          - *ticker
  # Per-host secrets: each rule below encrypts to the admins, the polygon age
  # key and the single host that owns the directory. Most rules cover any
  # *.yaml directly inside hosts/<name>/; broker, buzzrelay and oparl cover
  # only secrets.yaml.
  - path_regex: 'hosts/auth/[^/]+\.yaml$'
    key_groups:
      - pgp: *admins
        age:
          - *auth
          - *polygon-snowflake
  - path_regex: 'hosts/blogs/[^/]+\.yaml$'
    key_groups:
      - pgp: *admins
        age:
          - *blogs
          - *polygon-snowflake
  - path_regex: 'hosts/broker/secrets\.yaml$'
    key_groups:
      - pgp: *admins
        age:
          - *broker
          - *polygon-snowflake
  - path_regex: 'hosts/buzzrelay/secrets\.yaml$'
    key_groups:
      - pgp: *admins
        age:
          - *buzzrelay
          - *polygon-snowflake
  - path_regex: 'hosts/dn42/[^/]+\.yaml$'
    key_groups:
      - pgp: *admins
        age:
          - *dn42
          - *polygon-snowflake
  - path_regex: 'hosts/dacbert/[^/]+\.yaml$'
    key_groups:
      - pgp: *admins
        age:
          - *dacbert
          - *polygon-snowflake
  - path_regex: 'hosts/freifunk/[^/]+\.yaml$'
    key_groups:
      - pgp: *admins
        age:
          - *freifunk
          - *polygon-snowflake
  - path_regex: 'hosts/glotzbert/[^/]+\.yaml$'
    key_groups:
      - pgp: *admins
        age:
          - *glotzbert
          - *polygon-snowflake
  - path_regex: 'hosts/grafana/[^/]+\.yaml$'
    key_groups:
      - pgp: *admins
        age:
          - *grafana
          - *polygon-snowflake
  - path_regex: 'hosts/hedgedoc/[^/]+\.yaml$'
    key_groups:
      - pgp: *admins
        age:
          - *hedgedoc
          - *polygon-snowflake
  - path_regex: 'hosts/hydra/[^/]+\.yaml$'
    key_groups:
      - pgp: *admins
        age:
          - *hydra
          - *polygon-snowflake
  - path_regex: 'hosts/kibana/[^/]+\.yaml$'
    key_groups:
      - pgp: *admins
        age:
          - *kibana
          - *polygon-snowflake
  - path_regex: 'hosts/mailtngbert/[^/]+\.yaml$'
    key_groups:
      - pgp: *admins
        age:
          - *mailtngbert
          - *polygon-snowflake
  - path_regex: 'hosts/mastodon/[^/]+\.yaml$'
    key_groups:
      - pgp: *admins
        age:
          - *mastodon
          - *polygon-snowflake
  - path_regex: 'hosts/mediawiki/[^/]+\.yaml$'
    key_groups:
      - pgp: *admins
        age:
          - *mediawiki
          - *polygon-snowflake
  - path_regex: 'hosts/oparl/secrets\.yaml$'
    key_groups:
      - pgp: *admins
        age:
          - *oparl
          - *polygon-snowflake
  - path_regex: 'hosts/radiobert/[^/]+\.yaml$'
    key_groups:
      - pgp: *admins
        age:
          - *radiobert
          - *polygon-snowflake
  - path_regex: 'hosts/storage-ng/[^/]+\.yaml$'
    key_groups:
      - pgp: *admins
        age:
          - *storage-ng
          - *polygon-snowflake
  - path_regex: 'hosts/prometheus/[^/]+\.yaml$'
    key_groups:
      - pgp: *admins
        age:
          - *prometheus
          - *polygon-snowflake