nix-config/.sops.yaml

keys:
  - &admin_oxa DD0998E6CDF294537FC604F991FA5E5BF9AA901C
  - &admin_revol-xut 91EBE87016391323642A6803B966009D57E69CC6
  - &admin_marenz-1 069836A578F7939612DB4934F77D0F7E247A1EE4
  - &admin_marenz-2 ED06986DFAAE6A61B751DC2F537F97DFB394C433

  - &data-hoarder age1djp5hk6vpm5glzqy9h2e2cgam5xydx888glgs85kvs57spaf8v0sfm0pa2
  - &data-hoarder-staging age1m4g4y5ga2m8xdvs7rarda3tyk4gtkyta6pfyq2n3xmy47z20kfxq73m8r8
  - &notice-me-senpai age1wxewmzwlzgtsmr29tnu76n30kv29ra5p0ptvr2e3f3ymkqh569kqm07fv4
  - &tram-borzoi age10sedt7xftzu383y8g4pxsj0hazht8tnnxhcngedcsl93s4v9uvvsk99er4
  - &uranus age1xnaw8ssrq2hpsntnt8kdu4dlqh4lz3dcq5lzwn490cskz886te6sreuale
  - &tetra-zw age1nknzqnqm2d7pxxjl4e4w50jk8t8xx947l2qgrjhpqjfd33ypjfusw7nszw

  # turmlabor
  - &traffic-stop-box-0 age1yxtur968m4xe0m3kj0waqpm2kuuywpp9f6t0rxl4f0262ze9n9jqehw0k5
  # zw
  - &traffic-stop-box-1 age1l8773krx0tuu85hv8wgrwdutgadv5efdxw0yzyq7taslhnpl9fxseuysne
  # chemnitz
  - &traffic-stop-box-2 age1l8773krx0tuu85hv8wgrwdutgadv5efdxw0yzyq7taslhnpl9fxseuysne
  # staging boxes
  - &traffic-stop-box-3 age173wya6aezrjwtff0y77ltstmaylskr992swjr8mjxypslt478uqq6kh4up
  - &traffic-stop-box-4 age1l6l5ln6455sxm85npeydlt4w6mem45kq90z7990wv488slp2m4vs3xf3hv
  # muenster
  - &traffic-stop-box-6 age1sgd9lvwgda2rgmhfxkve5u3ljdgjcrs79a2juq766jkvz23v34usgt039z
  # aachen
  - &traffic-stop-box-7 age1z5n0seu0qpt3y86gmz92mnmts0x8jd0a646e9ld2x5dqvvu5kgzsu93um4
  # Hannover Bredero Hochhaus City
  - &traffic-stop-box-8 age1ejk6suts0n93epr4u663xcnfwaxgyaxmccge22h0e9c7u6spfujsj3drt8
  # Hannover Bredero Hochhaus Umland
  - &traffic-stop-box-9 age18z9wrtqj8dcy09r9km537nq7crad7kzgy7dwjc89cane9svqrflqcdt5at
  # CLT
  - &traffic-stop-box-10 age1qr725an7jchsvy5rx3r3m3r2d5zphms2yqn5xystj2ndxs4lq3tqjrc5hk
creation_rules:
  - path_regex: secrets/[^/]+\.yaml$
    key_groups:
      - pgp:
        - *admin_oxa
        - *admin_revol-xut
        - *admin_marenz-1
        - *admin_marenz-2
        age:
        - *data-hoarder
        - *data-hoarder-staging
        - *traffic-stop-box-0
        - *traffic-stop-box-1
        - *traffic-stop-box-2
  - path_regex: secrets/data-hoarder/[^/]+\.yaml$
    key_groups:
      - pgp:
        - *admin_oxa
        - *admin_revol-xut
        - *admin_marenz-1
        - *admin_marenz-2
        age:
        - *data-hoarder
        - *data-hoarder-staging
  - path_regex: secrets/data-hoarder-staging/[^/]+\.yaml$
    key_groups:
      - pgp:
        - *admin_oxa
        - *admin_revol-xut
        - *admin_marenz-1
        - *admin_marenz-2
        age:
        - *data-hoarder
        - *data-hoarder-staging
  - path_regex: secrets/notice-me-senpai/[^/]+\.yaml$
    key_groups:
      - pgp:
        - *admin_oxa
        - *admin_revol-xut
        - *admin_marenz-1
        - *admin_marenz-2
        age:
        - *notice-me-senpai
  - path_regex: secrets/traffic-stop-box-0/[^/]+\.yaml$
    key_groups:
      - pgp:
        - *admin_oxa
        - *admin_revol-xut
        - *admin_marenz-1
        - *admin_marenz-2
        age:
        - *traffic-stop-box-0
  - path_regex: secrets/traffic-stop-box-1/[^/]+\.yaml$
    key_groups:
      - pgp:
        - *admin_oxa
        - *admin_revol-xut
        - *admin_marenz-1
        - *admin_marenz-2
        age:
        - *traffic-stop-box-1
  - path_regex: secrets/traffic-stop-box-2/[^/]+\.yaml$
    key_groups:
      - pgp:
        - *admin_oxa
        - *admin_revol-xut
        - *admin_marenz-1
        - *admin_marenz-2
        age:
        - *traffic-stop-box-2
  - path_regex: secrets/traffic-stop-box-3/[^/]+\.yaml$
    key_groups:
      - pgp:
        - *admin_oxa
        - *admin_revol-xut
        - *admin_marenz-1
        - *admin_marenz-2
        age:
        - *traffic-stop-box-3
  - path_regex: secrets/traffic-stop-box-4/[^/]+\.yaml$
    key_groups:
      - pgp:
        - *admin_oxa
        - *admin_revol-xut
        - *admin_marenz-1
        - *admin_marenz-2
        age:
        - *traffic-stop-box-4
  - path_regex: secrets/traffic-stop-box-6/[^/]+\.yaml$
    key_groups:
      - pgp:
        - *admin_oxa
        - *admin_revol-xut
        - *admin_marenz-1
        - *admin_marenz-2
        age:
        - *traffic-stop-box-6
  - path_regex: secrets/traffic-stop-box-7/[^/]+\.yaml$
    key_groups:
      - pgp:
        - *admin_oxa
        - *admin_revol-xut
        - *admin_marenz-1
        - *admin_marenz-2
        age:
        - *traffic-stop-box-7
  - path_regex: secrets/traffic-stop-box-8/[^/]+\.yaml$
    key_groups:
      - pgp:
        - *admin_oxa
        - *admin_revol-xut
        - *admin_marenz-1
        - *admin_marenz-2
        age:
        - *traffic-stop-box-8
  - path_regex: secrets/traffic-stop-box-9/[^/]+\.yaml$
    key_groups:
      - pgp:
        - *admin_oxa
        - *admin_revol-xut
        - *admin_marenz-1
        - *admin_marenz-2
        age:
        - *traffic-stop-box-9
  - path_regex: secrets/traffic-stop-box-10/[^/]+\.yaml$
    key_groups:
      - pgp:
        - *admin_oxa
        - *admin_revol-xut
        - *admin_marenz-1
        - *admin_marenz-2
        age:
        - *traffic-stop-box-10
  - path_regex: secrets/tram-borzoi/[^/]+\.yaml$
    key_groups:
      - pgp:
        - *admin_oxa
        - *admin_revol-xut
        - *admin_marenz-1
        - *admin_marenz-2
        age:
        - *tram-borzoi
  - path_regex: secrets/tetra-zw/[^/]+\.yaml$
    key_groups:
      - pgp:
        - *admin_oxa
        - *admin_revol-xut
        - *admin_marenz-1
        - *admin_marenz-2
        age:
        - *tetra-zw
  - path_regex: secrets/uranus/[^/]+\.yaml$
    key_groups:
      - pgp:
        - *admin_oxa
        - *admin_revol-xut
        - *admin_marenz-1
        - *admin_marenz-2
        age:
        - *uranus