nix-config/.sops.yaml

keys:
  - &admin_oxa DD0998E6CDF294537FC604F991FA5E5BF9AA901C
  - &admin_revol-xut 91EBE87016391323642A6803B966009D57E69CC6
  - &admin_marenz-1 069836A578F7939612DB4934F77D0F7E247A1EE4
  - &admin_marenz-2 ED06986DFAAE6A61B751DC2F537F97DFB394C433
  # - &admin_astro
  - &data-hoarder age1zmuyxqnhq7naxa8egf24gzz2tjqtg5j9yv8zhvcxta08xqr8h9aqq7fjca
  - &data-hoarder-staging age1m4g4y5ga2m8xdvs7rarda3tyk4gtkyta6pfyq2n3xmy47z20kfxq73m8r8
  # turmlabor
  - &traffic-stop-box-0 age1yxtur968m4xe0m3kj0waqpm2kuuywpp9f6t0rxl4f0262ze9n9jqehw0k5
  # zw
  - &traffic-stop-box-1 age1l8773krx0tuu85hv8wgrwdutgadv5efdxw0yzyq7taslhnpl9fxseuysne
  # chemnitz
  - &traffic-stop-box-2 age1l8773krx0tuu85hv8wgrwdutgadv5efdxw0yzyq7taslhnpl9fxseuysne
  # staging boxes
  - &traffic-stop-box-3 age1l8773krx0tuu85hv8wgrwdutgadv5efdxw0yzyq7taslhnpl9fxseuysne
  - &traffic-stop-box-4 age1l8773krx0tuu85hv8wgrwdutgadv5efdxw0yzyq7taslhnpl9fxseuysne
  # - &mobile-box
creation_rules:
  - path_regex: secrets/[^/]+\.yaml$
    key_groups:
      - pgp:
        - *admin_oxa
        - *admin_revol-xut
        - *admin_marenz-1
        - *admin_marenz-2
        age:
        - *data-hoarder
        - *data-hoarder-staging
        - *traffic-stop-box-0
        - *traffic-stop-box-1
        - *traffic-stop-box-2
  - path_regex: secrets/data-hoarder/[^/]+\.yaml$
    key_groups:
      - pgp:
        - *admin_oxa
        - *admin_revol-xut
        - *admin_marenz-1
        - *admin_marenz-2
        age:
        - *data-hoarder
        - *data-hoarder-staging
  - path_regex: secrets/data-hoarder-staging/[^/]+\.yaml$
    key_groups:
      - pgp:
        - *admin_oxa
        - *admin_revol-xut
        - *admin_marenz-1
        - *admin_marenz-2
        age:
        - *data-hoarder
        - *data-hoarder-staging
  - path_regex: secrets/traffic-stop-box/[^/]+\.yaml$
    key_groups:
      - pgp:
        - *admin_oxa
        - *admin_revol-xut
        - *admin_marenz-1
        - *admin_marenz-2
        age:
        - *traffic-stop-box-0
        - *traffic-stop-box-1
        - *traffic-stop-box-2
  - path_regex: secrets/traffic-stop-box-0/[^/]+\.yaml$
    key_groups:
      - pgp:
        - *admin_oxa
        - *admin_revol-xut
        - *admin_marenz-1
        - *admin_marenz-2
        age:
        - *traffic-stop-box-0
  - path_regex: secrets/traffic-stop-box-1/[^/]+\.yaml$
    key_groups:
      - pgp:
        - *admin_oxa
        - *admin_revol-xut
        - *admin_marenz-1
        - *admin_marenz-2
        age:
        - *traffic-stop-box-1
  - path_regex: secrets/traffic-stop-box-2/[^/]+\.yaml$
    key_groups:
      - pgp:
        - *admin_oxa
        - *admin_revol-xut
        - *admin_marenz-1
        - *admin_marenz-2
        age:
        - *traffic-stop-box-2
  - path_regex: secrets/traffic-stop-box-3/[^/]+\.yaml$
    key_groups:
      - pgp:
        - *admin_oxa
        - *admin_revol-xut
        - *admin_marenz-1
        - *admin_marenz-2
        age:
        - *traffic-stop-box-3
  - path_regex: secrets/traffic-stop-box-4/[^/]+\.yaml$
    key_groups:
      - pgp:
        - *admin_oxa
        - *admin_revol-xut
        - *admin_marenz-1
        - *admin_marenz-2
        age:
        - *traffic-stop-box-4
Secret Management via Sops (#6) * sops: init * add my gpg keys * sops: add @revol-xut key * add gpg pub key * update gpg keys * .sops.yaml: add marenz * sops: add secrets for traffix-stop-box-3 and 4 * build sops-install-secrets on hydra * sops: add keys for traffic-stop-box-{3,4} Co-authored-by: revol-xut <revol-xut@protonmail.com> Co-authored-by: Markus Schmidl <markus.schmidl@mailbox.tu-dresden.de> 2022-05-31 18:56:43 +02:00			`keys:`
			`- &admin_oxa DD0998E6CDF294537FC604F991FA5E5BF9AA901C`
			`- &admin_revol-xut 91EBE87016391323642A6803B966009D57E69CC6`
			`- &admin_marenz-1 069836A578F7939612DB4934F77D0F7E247A1EE4`
			`- &admin_marenz-2 ED06986DFAAE6A61B751DC2F537F97DFB394C433`
			`# - &admin_astro`
			`- &data-hoarder age1zmuyxqnhq7naxa8egf24gzz2tjqtg5j9yv8zhvcxta08xqr8h9aqq7fjca`
sops: rotate data-hoarder-staging key 2022-06-06 04:09:12 +02:00			`- &data-hoarder-staging age1m4g4y5ga2m8xdvs7rarda3tyk4gtkyta6pfyq2n3xmy47z20kfxq73m8r8`
Secret Management via Sops (#6) * sops: init * add my gpg keys * sops: add @revol-xut key * add gpg pub key * update gpg keys * .sops.yaml: add marenz * sops: add secrets for traffix-stop-box-3 and 4 * build sops-install-secrets on hydra * sops: add keys for traffic-stop-box-{3,4} Co-authored-by: revol-xut <revol-xut@protonmail.com> Co-authored-by: Markus Schmidl <markus.schmidl@mailbox.tu-dresden.de> 2022-05-31 18:56:43 +02:00			`# turmlabor`
			`- &traffic-stop-box-0 age1yxtur968m4xe0m3kj0waqpm2kuuywpp9f6t0rxl4f0262ze9n9jqehw0k5`
			`# zw`
			`- &traffic-stop-box-1 age1l8773krx0tuu85hv8wgrwdutgadv5efdxw0yzyq7taslhnpl9fxseuysne`
			`# chemnitz`
			`- &traffic-stop-box-2 age1l8773krx0tuu85hv8wgrwdutgadv5efdxw0yzyq7taslhnpl9fxseuysne`
			`# staging boxes`
			`- &traffic-stop-box-3 age1l8773krx0tuu85hv8wgrwdutgadv5efdxw0yzyq7taslhnpl9fxseuysne`
			`- &traffic-stop-box-4 age1l8773krx0tuu85hv8wgrwdutgadv5efdxw0yzyq7taslhnpl9fxseuysne`
			`# - &mobile-box`
			`creation_rules:`
			`- path_regex: secrets/[^/]+\.yaml$`
			`key_groups:`
			`- pgp:`
			`- *admin_oxa`
			`- *admin_revol-xut`
			`- *admin_marenz-1`
			`- *admin_marenz-2`
			`age:`
			`- *data-hoarder`
			`- *data-hoarder-staging`
			`- *traffic-stop-box-0`
			`- *traffic-stop-box-1`
			`- *traffic-stop-box-2`
			`- path_regex: secrets/data-hoarder/[^/]+\.yaml$`
			`key_groups:`
			`- pgp:`
			`- *admin_oxa`
			`- *admin_revol-xut`
			`- *admin_marenz-1`
			`- *admin_marenz-2`
			`age:`
			`- *data-hoarder`
			`- *data-hoarder-staging`
moved staging keys into seperate file 2022-05-31 21:29:48 +02:00			`- path_regex: secrets/data-hoarder-staging/[^/]+\.yaml$`
			`key_groups:`
			`- pgp:`
			`- *admin_oxa`
			`- *admin_revol-xut`
			`- *admin_marenz-1`
			`- *admin_marenz-2`
			`age:`
			`- *data-hoarder`
			`- *data-hoarder-staging`
Secret Management via Sops (#6) * sops: init * add my gpg keys * sops: add @revol-xut key * add gpg pub key * update gpg keys * .sops.yaml: add marenz * sops: add secrets for traffix-stop-box-3 and 4 * build sops-install-secrets on hydra * sops: add keys for traffic-stop-box-{3,4} Co-authored-by: revol-xut <revol-xut@protonmail.com> Co-authored-by: Markus Schmidl <markus.schmidl@mailbox.tu-dresden.de> 2022-05-31 18:56:43 +02:00			`- path_regex: secrets/traffic-stop-box/[^/]+\.yaml$`
			`key_groups:`
			`- pgp:`
			`- *admin_oxa`
			`- *admin_revol-xut`
			`- *admin_marenz-1`
			`- *admin_marenz-2`
			`age:`
			`- *traffic-stop-box-0`
			`- *traffic-stop-box-1`
			`- *traffic-stop-box-2`
			`- path_regex: secrets/traffic-stop-box-0/[^/]+\.yaml$`
			`key_groups:`
			`- pgp:`
			`- *admin_oxa`
			`- *admin_revol-xut`
			`- *admin_marenz-1`
			`- *admin_marenz-2`
			`age:`
			`- *traffic-stop-box-0`
			`- path_regex: secrets/traffic-stop-box-1/[^/]+\.yaml$`
			`key_groups:`
			`- pgp:`
			`- *admin_oxa`
			`- *admin_revol-xut`
			`- *admin_marenz-1`
			`- *admin_marenz-2`
			`age:`
			`- *traffic-stop-box-1`
			`- path_regex: secrets/traffic-stop-box-2/[^/]+\.yaml$`
			`key_groups:`
			`- pgp:`
			`- *admin_oxa`
			`- *admin_revol-xut`
			`- *admin_marenz-1`
			`- *admin_marenz-2`
			`age:`
			`- *traffic-stop-box-2`
			`- path_regex: secrets/traffic-stop-box-3/[^/]+\.yaml$`
			`key_groups:`
			`- pgp:`
			`- *admin_oxa`
			`- *admin_revol-xut`
			`- *admin_marenz-1`
			`- *admin_marenz-2`
			`age:`
			`- *traffic-stop-box-3`
			`- path_regex: secrets/traffic-stop-box-4/[^/]+\.yaml$`
			`key_groups:`
			`- pgp:`
			`- *admin_oxa`
			`- *admin_revol-xut`
			`- *admin_marenz-1`
			`- *admin_marenz-2`
			`age:`
			`- *traffic-stop-box-4`