nixos/.sops.yaml

# This example uses YAML anchors which allows reuse of multiple keys 
# without having to repeat yourself.
# Also see https://github.com/Mic92/dotfiles/blob/master/nixos/.sops.yaml
# for a more complex example.
keys:
  - &bitwarden age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7 # nixos age key
  - &dominik age1exny8unxynaw03yu8ppahu5z28uermghr8ag34e7kdqnaduq9stsyettzz
  - &dominik2 age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch
  - &git-server age106n5n3rrrss45eqqzz8pq90la3kqdtnw63uw0sfa2mahk5xpe30sxs5x58
  - &web-02 age1gjm4c3swt8u88e36gf2qlg3syxfc0ly94u64c42f2tsf24npw4csa6e4fw
  - &web-arm age1ylrpaytkm0k5kcecsxvyv5xd9ts4md0uap48g6wsmj9pwm4lf5esffu0gw
  - &ldap-server-arm age1jyeppc8yl2twnv8fwcewutd5gjewnxl59lmhev6ygds9qel8zf8syt7zz4
  - &fw age1wq82xjyj80htz33x7agxddjfumr3wkwh3r24tasagepxw7ka893sau68df
  - &fw-new age12msc2c6drsaw0yk2hjlaw0q0lyq0emjx5e8rq7qc7ql689k593kqfmhss2
  - &netboot age14uarclad0ty5supc8ep09793xrnwkv8a4h9j0fq8d8lc92n2dadqkf64vw
  - &gpd-win4 age1ceg548u5ma6rgu3xgvd254y5xefqrdqfqhcjsjp3255q976fgd2qaua53d
  - &nb age1exny8unxynaw03yu8ppahu5z28uermghr8ag34e7kdqnaduq9stsyettzz

creation_rules:
  - path_regex: ^[^/]+\.yaml$
    key_groups:
    - age:
      - *bitwarden
      - *dominik
      - *dominik2
      - *nb
  - path_regex: hosts/nb/[^/]+\.yaml$
    key_groups:
    - age:
      - *bitwarden
      - *dominik
      - *dominik2
      - *nb
  - path_regex: hosts/gpd-win4/[^/]+\.yaml$
    key_groups:
    - age:
      - *bitwarden
      - *dominik
      - *dominik2
      - *gpd-win4
      - *nb
  - path_regex: hosts/fw/[^/]+\.yaml$
    key_groups:
    - age:
      - *bitwarden
      - *dominik
      - *dominik2
      - *nb
      - *fw
  - path_regex: hosts/fw-new/[^/]+\.yaml$
    key_groups:
    - age:
      - *bitwarden
      - *dominik
      - *dominik2
      - *nb
      - *fw
      - *fw-new
  - path_regex: hosts/web-arm/[^/]+\.yaml$
    key_groups:
    - age:
      - *bitwarden
      - *dominik
      - *dominik2
      - *nb
      - *web-arm
  - path_regex: hosts/mail/[^/]+\.yaml$
    key_groups:
    - age:
      - *bitwarden
      - *dominik
      - *dominik2
      - *nb
      - *ldap-server-arm
  - path_regex: hosts/fw/modules/web/[^/]+\.yaml$
    key_groups:
    - age:
      - *bitwarden
      - *dominik
      - *dominik2
      - *nb
      - *web-02
  - path_regex: utils/modules/lego/[^/]+\.yaml$
    key_groups:
    - age:
      - *bitwarden
      - *dominik
      - *dominik2
      - *nb
      - *git-server
      - *web-02
      - *web-arm
      - *ldap-server-arm
      - *netboot
      - *fw
      - *fw-new
  - path_regex: utils/modules/attic-cache/[^/]+\.yaml$
    key_groups:
    - age:
      - *bitwarden
      - *dominik
      - *dominik2
      - *nb
  - path_regex: utils/modules/promtail/[^/]+\.yaml$
    key_groups:
    - age:
      - *bitwarden
      - *dominik
      - *dominik2
      - *nb
      - *web-arm
      - *ldap-server-arm
      - *netboot
      - *fw
      - *fw-new
  - path_regex: utils/modules/victoriametrics/[^/]+\.yaml$
    key_groups:
    - age:
      - *bitwarden
      - *dominik
      - *dominik2
      - *nb
      - *web-arm
      - *ldap-server-arm
      - *netboot
      - *fw
      - *fw-new