.sops.yaml
# This example uses YAML anchors, which allow keys to be reused
# without having to repeat yourself.
# Also see https://github.com/Mic92/dotfiles/blob/master/nixos/.sops.yaml
# for a more complex example.
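# Recipient public keys, named with anchors so the rules below can alias them.
# Nothing in this list is secret: the PGP entry is a key fingerprint and the
# age1... entries are age recipients (public keys). sops takes its recipients
# from creation_rules; this list only defines the anchors.
keys:
  # &users and &hosts are never aliased below; they only label the two groups.
  - &users
    - &swarsel 4BE7925262289B476DBBC17B76FD3810215AE097
  - &hosts
    - &bakery age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh
    - &summers age14sjyqch8tzqexk2gv0qgrrg09f0s6hvwhsgjac3vs6sc5rzgpcxsyqda6u
    - &belchsfactory age1k73gy5em3js9zklnnkzp5hme9k04lny32fgahmzddknjw5c295asdyr4x6
    - &dgx age1ax5hqk6e2ekgfx5u7pl8ayc3vvhrehyvtvf07llaxhs5azpnny0qpltrns
    - &eagleland age1cmzh82q8k59yzceuuy2epmqu22g7m84gqvq056mhgehwpmvjadfsc3glc8
    - &hintbooth age1wmx8y2hs83j2u5srdnfxljrzxm8jtxl6fr0mq7xf2ldxyglpzf2qq89rpx
    - &hintbooth-adguardhome age1c2enwel9un28dcs4wg0vcyamx9a4a6g3walkhu8w5lqhmd804paq9d24as
    - &hintbooth-nginx age1nanlervuderw4qskcuessycqy2yfmptl6nym9scgp9ky2265ssmq3u73r0
    - &liliputsteps age1ly2endyt0y9xyddj6yuj4nw6fa3ltvzlvew4cr4lzs6dv8dkavpqadmyxx
    - &moonside age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh
    - &pyramid age15cx90pnp54xp5gxlt02yn9j2pz968wp3l5ukdkx55xuecp34e5pszjku4m
    - &stoicclub age15klj4t7gpfp69472mne4ue62pp6m4e04dmjyw7yf30qtqd3vl3uqjmcyxm
    - &toto age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl
    - &twothreetunnel age1g7atkxdlt4ymeh7v7aa2yzr2hq2qkvzrc4r49ugttm3n582ymv9qrmpk8d
    - &winters age1s0vssf9fey2l456hucppzx2x58xep279nsdcglvkqm30sr9ht37s8rvpza
    - &summers-ankisync age1kyue7mfvzuxprjz2g6ulz2mxlr57rgzg6lfpnrqedkelehley5ls3enwsd
    - &summers-atuin age1qpgj3ell93rzkpjq0ezs6t669ds3nyxx67pj50smx597pspz6fqs4jc6pt
    - &summers-audio age1f63r2klnpfxmntswz5xydpa75ckgjqcs2yzkm0msqwqgz9aqgu0qwzr659
    - &summers-firefly age17328xwk0z3znalpmma5rvp0lt5ghn5p8xfvnrtdxwsw80dqysacqj9j37q
    - &summers-forgejo age1qdzkn6v3xhrfjwe8jxz3945dhyyhevwal0narjtr8whf9y7nh3wsn524u5
    - &summers-freshrss age1etgfym5m8hn3hxs6cgg757zcv5zg5n22wq38fuq59n7qk7nef5uqyg6vvs
    - &summers-homebox age17mugmkdw0y768a3huuf37r45eff9apyknxvwk3agg6xzsjmqp96q57tcty
    - &summers-immich age16gf76uustmyyksm3t56zcq9g6j8avy0wrngh8laknfq733s5welqedeg4x
    - &summers-jellyfin age1fnvlmhzju0yq908xtgags0sy85q3tacl2sc3w3vdd3yfp27xv5aq06v948
    - &summers-kanidm age1s5gcxtatd9frwctzwg54fqycsx2sa73ll36k7qrpm9wwyknkldtst90gn4
    - &summers-kavita age1d89878cvt7wsa07ydwtexspku5gppwstrpnpph4ufx5pcd4fadyqgf6lvl
    - &summers-koillection age1ayupuxlrkepyvjk7xwgrd0pvcj3tfcha688mcuc8ees2hg3g2ersd0q3nc
    - &summers-matrix age1cq7wxnugpfvjk6dgqpfmc8vemzhkg75drkgeaqjd9fuylz5qh40slazr4u
    - &summers-monitoring age1vn6ya0japzpgc256jg57fldsqe4udmq50sj5hmkywn7rxfnskevsx2q96u
    - &summers-nextcloud age1t7zagjfddns4yltupk7nx8xps4gh7mupyz85uuys0wd22cxj5qsq2hw0p7
    - &summers-paperless age1rn0pxluh7m8dyeshek06d7scejqlrcewlk8xmyrwt5e5nev2dc2s3s78vq
    - &summers-radicale age1gxg2peektn8x36kk3nsgmeawl73e54kaadqd649ygwrv43kkvejq2cw64z
    - &summers-storage age1kn34ny229gm0rg7wlcvxmcyjtz4gka6f2vd958fde6vmuzrxcvcsufra90
    - &summers-transmission age1y69f2elvmq39lc3t3ucq9y7wt675520n7rvug88qg368qsmmk47qvwrtny

# sops applies the first rule whose path_regex matches the file being
# encrypted. Every rule here has a single key group, so any one listed
# recipient can decrypt on its own; the PGP key *swarsel is in every rule.
# None of the patterns is anchored at the start, so each one also matches the
# same path nested under another directory.
creation_rules:
  # Shared secrets: every age key defined above is a recipient, so the private
  # key of any single host or service decrypts everything under secrets/repo.
  # Keep this directory to data that all machines need. Dropping a recipient
  # (sops updatekeys) does not undo what it could already read; rotate the
  # secret values as well.
  - path_regex: secrets/repo/[^/]+\.(yaml|json|env|ini|enc)$
    key_groups:
      - pgp:
          - *swarsel
        age:
          - *winters
          - *summers
          - *twothreetunnel
          - *liliputsteps
          - *stoicclub
          - *belchsfactory
          - *eagleland
          - *hintbooth
          - *bakery
          - *toto
          - *pyramid
          - *moonside
          - *dgx
          - *hintbooth-adguardhome
          - *hintbooth-nginx
          - *summers-ankisync
          - *summers-atuin
          - *summers-audio
          - *summers-firefly
          - *summers-forgejo
          - *summers-freshrss
          - *summers-homebox
          - *summers-immich
          - *summers-jellyfin
          - *summers-kanidm
          - *summers-kavita
          - *summers-koillection
          - *summers-matrix
          - *summers-monitoring
          - *summers-nextcloud
          - *summers-paperless
          - *summers-radicale
          - *summers-storage
          - *summers-transmission
  # Only *pyramid among the hosts. The extension list omits `enc`, unlike the
  # other rules.
  - path_regex: secrets/work/[^/]+\.(yaml|json|env|ini)$
    key_groups:
      - pgp:
          - *swarsel
        age:
          - *pyramid
  # The dot is escaped so it matches a literal "." rather than any character.
  # NOTE(review): unlike the other rules this pattern has no trailing `$`, so
  # names that merely start with acme.json also match; confirm that is wanted.
  - path_regex: secrets/nginx/acme\.json
    key_groups:
      - pgp:
          - *swarsel
        age:
          - *twothreetunnel
          - *summers
          - *eagleland
          - *hintbooth-nginx
  # Per-host secrets: one age recipient, the host named in the path. `[^/]+`
  # matches only files directly inside secrets/, so these rules do not shadow
  # the per-service subdirectory rules further down, whatever their order.
  - path_regex: hosts/nixos/x86_64-linux/pyramid/secrets/[^/]+\.(yaml|json|env|ini|enc)$
    key_groups:
      - pgp:
          - *swarsel
        age:
          - *pyramid
  - path_regex: hosts/nixos/x86_64-linux/bakery/secrets/[^/]+\.(yaml|json|env|ini|enc)$
    key_groups:
      - pgp:
          - *swarsel
        age:
          - *bakery
  - path_regex: hosts/nixos/x86_64-linux/winters/secrets/[^/]+\.(yaml|json|env|ini|enc)$
    key_groups:
      - pgp:
          - *swarsel
        age:
          - *winters
  - path_regex: hosts/nixos/x86_64-linux/eagleland/secrets/[^/]+\.(yaml|json|env|ini|enc)$
    key_groups:
      - pgp:
          - *swarsel
        age:
          - *eagleland
  - path_regex: hosts/nixos/aarch64-linux/moonside/secrets/[^/]+\.(yaml|json|env|ini|enc)$
    key_groups:
      - pgp:
          - *swarsel
        age:
          - *moonside
  - path_regex: hosts/nixos/aarch64-linux/belchsfactory/secrets/[^/]+\.(yaml|json|env|ini|enc)$
    key_groups:
      - pgp:
          - *swarsel
        age:
          - *belchsfactory
  - path_regex: hosts/nixos/aarch64-linux/stoicclub/secrets/[^/]+\.(yaml|json|env|ini|enc)$
    key_groups:
      - pgp:
          - *swarsel
        age:
          - *stoicclub
  - path_regex: hosts/nixos/aarch64-linux/liliputsteps/secrets/[^/]+\.(yaml|json|env|ini|enc)$
    key_groups:
      - pgp:
          - *swarsel
        age:
          - *liliputsteps
  - path_regex: hosts/nixos/aarch64-linux/twothreetunnel/secrets/[^/]+\.(yaml|json|env|ini|enc)$
    key_groups:
      - pgp:
          - *swarsel
        age:
          - *twothreetunnel
  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/[^/]+\.(yaml|json|env|ini|enc)$
    key_groups:
      - pgp:
          - *swarsel
        age:
          - *summers
  - path_regex: hosts/nixos/x86_64-linux/hintbooth/secrets/[^/]+\.(yaml|json|env|ini|enc)$
    key_groups:
      - pgp:
          - *swarsel
        age:
          - *hintbooth
  # Per-service secrets: each subdirectory is readable by the parent host key
  # and by that service's own key, and by no other host or service.
  - path_regex: hosts/nixos/x86_64-linux/hintbooth/secrets/adguardhome/[^/]+\.(yaml|json|env|ini|enc)$
    key_groups:
      - pgp:
          - *swarsel
        age:
          - *hintbooth
          - *hintbooth-adguardhome
  - path_regex: hosts/nixos/x86_64-linux/hintbooth/secrets/nginx/[^/]+\.(yaml|json|env|ini|enc)$
    key_groups:
      - pgp:
          - *swarsel
        age:
          - *hintbooth
          - *hintbooth-nginx
  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/ankisync/[^/]+\.(yaml|json|env|ini|enc)$
    key_groups:
      - pgp:
          - *swarsel
        age:
          - *summers
          - *summers-ankisync
  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/atuin/[^/]+\.(yaml|json|env|ini|enc)$
    key_groups:
      - pgp:
          - *swarsel
        age:
          - *summers
          - *summers-atuin
  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/audio/[^/]+\.(yaml|json|env|ini|enc)$
    key_groups:
      - pgp:
          - *swarsel
        age:
          - *summers
          - *summers-audio
  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/firefly/[^/]+\.(yaml|json|env|ini|enc)$
    key_groups:
      - pgp:
          - *swarsel
        age:
          - *summers
          - *summers-firefly
  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/forgejo/[^/]+\.(yaml|json|env|ini|enc)$
    key_groups:
      - pgp:
          - *swarsel
        age:
          - *summers
          - *summers-forgejo
  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/freshrss/[^/]+\.(yaml|json|env|ini|enc)$
    key_groups:
      - pgp:
          - *swarsel
        age:
          - *summers
          - *summers-freshrss
  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/homebox/[^/]+\.(yaml|json|env|ini|enc)$
    key_groups:
      - pgp:
          - *swarsel
        age:
          - *summers
          - *summers-homebox
  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/immich/[^/]+\.(yaml|json|env|ini|enc)$
    key_groups:
      - pgp:
          - *swarsel
        age:
          - *summers
          - *summers-immich
  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/jellyfin/[^/]+\.(yaml|json|env|ini|enc)$
    key_groups:
      - pgp:
          - *swarsel
        age:
          - *summers
          - *summers-jellyfin
  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/kanidm/[^/]+\.(yaml|json|env|ini|enc)$
    key_groups:
      - pgp:
          - *swarsel
        age:
          - *summers
          - *summers-kanidm
  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/kavita/[^/]+\.(yaml|json|env|ini|enc)$
    key_groups:
      - pgp:
          - *swarsel
        age:
          - *summers
          - *summers-kavita
  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/koillection/[^/]+\.(yaml|json|env|ini|enc)$
    key_groups:
      - pgp:
          - *swarsel
        age:
          - *summers
          - *summers-koillection
  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/matrix/[^/]+\.(yaml|json|env|ini|enc)$
    key_groups:
      - pgp:
          - *swarsel
        age:
          - *summers
          - *summers-matrix
  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/monitoring/[^/]+\.(yaml|json|env|ini|enc)$
    key_groups:
      - pgp:
          - *swarsel
        age:
          - *summers
          - *summers-monitoring
  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/nextcloud/[^/]+\.(yaml|json|env|ini|enc)$
    key_groups:
      - pgp:
          - *swarsel
        age:
          - *summers
          - *summers-nextcloud
  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/paperless/[^/]+\.(yaml|json|env|ini|enc)$
    key_groups:
      - pgp:
          - *swarsel
        age:
          - *summers
          - *summers-paperless
  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/radicale/[^/]+\.(yaml|json|env|ini|enc)$
    key_groups:
      - pgp:
          - *swarsel
        age:
          - *summers
          - *summers-radicale
  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/storage/[^/]+\.(yaml|json|env|ini|enc)$
    key_groups:
      - pgp:
          - *swarsel
        age:
          - *summers
          - *summers-storage
  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/transmission/[^/]+\.(yaml|json|env|ini|enc)$
    key_groups:
      - pgp:
          - *swarsel
        age:
          - *summers
          - *summers-transmission
  # PGP only: no age recipient is listed, so these files decrypt only with the
  # private key behind *swarsel.
  - path_regex: hosts/darwin/x86_64-darwin/nbm-imba-166/secrets/[^/]+\.(yaml|json|env|ini|enc)$
    key_groups:
      - pgp:
          - *swarsel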