nixos-config/.sops.yaml

---
keys:
  - &christoph_trek age1kdkzjqy88en4m65s7ld28srupzwaq30gu2e63ylayhqedpgfxews9kf6fy
  - &christoph_zero age1es8273vc2yq89kvs4s84m6qffep86sm924k4my47a5qtau4ueypsgz3kqh
  - &christoph_maui age1ul99nmekam6rs9fpjka32aaxmnjq0p3a8x8drzxwtxa4g2u23anq6p2g6s
  # generate with: `ssh <machine> 'sudo cat /etc/ssh/ssh_host_ed25519_key.pub' | nix run nixpkgs#ssh-to-age`
  - &machine_fort age1h96sm0j0k5kjmuf857xurtq7rwk5fhptenjdlkgmadtrz4lm95rqm6ctm2
  - &machine_tank age165nqtky9a5kdhca70uwd0cewqle7egzm4vmcmrpfnqfuchjdg3esn7frvh
  - &machine_trek age1ssrv832gpktt3ktqvh4c9793xdpa6xv2ugytq8jhwpcmzdjz9amsu2793e
  - &machine_zero age1xdd0mzt7mhr30rzvt34ygxurlvdvs53svg7lxd6843lx83vy0guqew578d

creation_rules:
  - path_regex: secrets/sops/(acme|restic)\.yaml
    key_groups:
      - age:
          - *christoph_trek
          - *christoph_zero
          - *christoph_maui
          - *machine_tank
          - *machine_fort
  - path_regex: secrets/sops/(grafana|home-assistant|navidrome|tank)\.yaml
    key_groups:
      - age:
          - *christoph_trek
          - *christoph_zero
          - *christoph_maui
          - *machine_tank
  - path_regex: secrets/sops/(alertmanager|forgejo|fort|matrix-hookshot|vaultwarden|vikunja|wireguard|yarr)\.yaml
    key_groups:
      - age:
          - *christoph_trek
          - *christoph_zero
          - *christoph_maui
          - *machine_fort
  - path_regex: secrets/sops/desktop\.yaml
    key_groups:
      - age:
          - *christoph_trek
          - *christoph_zero
          - *christoph_maui
          - *machine_trek
          - *machine_zero
tree-wide: convert everything from morph to nixinate + sops-nix Signed-off-by: Christoph Heiss <christoph@c8h4.io> 2024-05-07 01:00:09 +02:00			`---`
			`keys:`
			`- &christoph_trek age1kdkzjqy88en4m65s7ld28srupzwaq30gu2e63ylayhqedpgfxews9kf6fy`
			`- &christoph_zero age1es8273vc2yq89kvs4s84m6qffep86sm924k4my47a5qtau4ueypsgz3kqh`
sops: add maui user key Signed-off-by: Christoph Heiss <christoph@c8h4.io> 2024-05-07 11:48:20 +02:00			`- &christoph_maui age1ul99nmekam6rs9fpjka32aaxmnjq0p3a8x8drzxwtxa4g2u23anq6p2g6s`
tree-wide: convert everything from morph to nixinate + sops-nix Signed-off-by: Christoph Heiss <christoph@c8h4.io> 2024-05-07 01:00:09 +02:00			# generate with: `ssh <machine> 'sudo cat /etc/ssh/ssh_host_ed25519_key.pub' \| nix run nixpkgs#ssh-to-age`
			`- &machine_fort age1h96sm0j0k5kjmuf857xurtq7rwk5fhptenjdlkgmadtrz4lm95rqm6ctm2`
secrets: convert machine-specific `zero` secrets to common desktop Signed-off-by: Christoph Heiss <christoph@c8h4.io> 2024-05-24 21:08:34 +02:00			`- &machine_tank age165nqtky9a5kdhca70uwd0cewqle7egzm4vmcmrpfnqfuchjdg3esn7frvh`
			`- &machine_trek age1ssrv832gpktt3ktqvh4c9793xdpa6xv2ugytq8jhwpcmzdjz9amsu2793e`
tree-wide: convert everything from morph to nixinate + sops-nix Signed-off-by: Christoph Heiss <christoph@c8h4.io> 2024-05-07 01:00:09 +02:00			`- &machine_zero age1xdd0mzt7mhr30rzvt34ygxurlvdvs53svg7lxd6843lx83vy0guqew578d`

			`creation_rules:`
services: forgejo: simplify ssh setup by renaming user Signed-off-by: Christoph Heiss <christoph@c8h4.io> 2024-08-24 13:17:35 +02:00			`- path_regex: secrets/sops/(acme\|restic)\.yaml`
tree-wide: convert everything from morph to nixinate + sops-nix Signed-off-by: Christoph Heiss <christoph@c8h4.io> 2024-05-07 01:00:09 +02:00			`key_groups:`
			`- age:`
			`- *christoph_trek`
			`- *christoph_zero`
sops: add maui user key Signed-off-by: Christoph Heiss <christoph@c8h4.io> 2024-05-07 11:48:20 +02:00			`- *christoph_maui`
tree-wide: convert everything from morph to nixinate + sops-nix Signed-off-by: Christoph Heiss <christoph@c8h4.io> 2024-05-07 01:00:09 +02:00			`- *machine_tank`
			`- *machine_fort`
services: forgejo: move to other host with dedicated data directory Signed-off-by: Christoph Heiss <christoph@c8h4.io> 2024-08-24 13:23:40 +02:00			`- path_regex: secrets/sops/(grafana\|home-assistant\|navidrome\|tank)\.yaml`
tree-wide: convert everything from morph to nixinate + sops-nix Signed-off-by: Christoph Heiss <christoph@c8h4.io> 2024-05-07 01:00:09 +02:00			`key_groups:`
			`- age:`
			`- *christoph_trek`
			`- *christoph_zero`
sops: add maui user key Signed-off-by: Christoph Heiss <christoph@c8h4.io> 2024-05-07 11:48:20 +02:00			`- *christoph_maui`
tree-wide: convert everything from morph to nixinate + sops-nix Signed-off-by: Christoph Heiss <christoph@c8h4.io> 2024-05-07 01:00:09 +02:00			`- *machine_tank`
services: forgejo: move to other host with dedicated data directory Signed-off-by: Christoph Heiss <christoph@c8h4.io> 2024-08-24 13:23:40 +02:00			`- path_regex: secrets/sops/(alertmanager\|forgejo\|fort\|matrix-hookshot\|vaultwarden\|vikunja\|wireguard\|yarr)\.yaml`
tree-wide: convert everything from morph to nixinate + sops-nix Signed-off-by: Christoph Heiss <christoph@c8h4.io> 2024-05-07 01:00:09 +02:00			`key_groups:`
			`- age:`
			`- *christoph_trek`
			`- *christoph_zero`
sops: add maui user key Signed-off-by: Christoph Heiss <christoph@c8h4.io> 2024-05-07 11:48:20 +02:00			`- *christoph_maui`
tree-wide: convert everything from morph to nixinate + sops-nix Signed-off-by: Christoph Heiss <christoph@c8h4.io> 2024-05-07 01:00:09 +02:00			`- *machine_fort`
secrets: convert machine-specific `zero` secrets to common desktop Signed-off-by: Christoph Heiss <christoph@c8h4.io> 2024-05-24 21:08:34 +02:00			`- path_regex: secrets/sops/desktop\.yaml`
tree-wide: convert everything from morph to nixinate + sops-nix Signed-off-by: Christoph Heiss <christoph@c8h4.io> 2024-05-07 01:00:09 +02:00			`key_groups:`
			`- age:`
			`- *christoph_trek`
			`- *christoph_zero`
sops: add maui user key Signed-off-by: Christoph Heiss <christoph@c8h4.io> 2024-05-07 11:48:20 +02:00			`- *christoph_maui`
secrets: convert machine-specific `zero` secrets to common desktop Signed-off-by: Christoph Heiss <christoph@c8h4.io> 2024-05-24 21:08:34 +02:00			`- *machine_trek`
tree-wide: convert everything from morph to nixinate + sops-nix Signed-off-by: Christoph Heiss <christoph@c8h4.io> 2024-05-07 01:00:09 +02:00			`- *machine_zero`