# This example uses YAML anchors which allows reuse of multiple keys
# without having to repeat yourself.
# Also see https://github.com/Mic92/dotfiles/blob/master/nixos/.sops.yaml
# for a more complex example.
keys:
  - &admin_swarsel 4BE7925262289B476DBBC17B76FD3810215AE097
  - &server_sandbox age1zdjm8qa5t25mca0xxhhkpuh85mgg4l267mqjj2pdttksq7zg4unqdmqyp4
  - &server_nixos age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63
  - &server_surface age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg
  - &server_fourside age1s3faa0due0fvp9qu2rd8ex0upg4mcms8wl936yazylv72r6nn3rq2xv5g0
  - &server_stand age1hkajkcje5xvg8jd4zj2e0s9tndpv36hwhn7p38x9lyq2z8g7v45q2nhlej
  - &server_nbl age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy
  - &server_nginx age1zyts3egct4he229klgrfkd9r442xw9r3qg3hyydh44pvk3wjhd3s2zjqvt
  - &server_calibre age1q2k4j9m6ge6dgygehulzd8vqjcdgv5s7s4zrferaq29qlu94a4uqpv76s5
  - &server_transmiss age1wevwwytv5q8wx8yttc85gly678hn4k3qe4csgnq2frf3wxes63jqlt8kqs
  - &server_matrix age1t2uj8arq8nnmd5s3h32p7z7masj2gqe5ec49dtr8ex2nlgef3yfqtgcnj6
  - &server_spotifyd age16d6wulu4vzuawvsnqv0cqjhxdz9e20qm3xdnzq2lp7787srl8shqsqlfps
  - &server_sound age1w7tfe7k0r0hm6mzz0kmz8302kfn0rlh96w7g6zwqd4muqg7u9anqv07745
  - &server_sync age1glge4e97vgqzh332mqs5990vteezu2m8k4wq3z35jk0q8czw3gks2d7a3h
  - &server_paperless age1j4y7mwh6hg8kvktgvq5g3xstnmlnaxkdhfrps8lnl029nfpr03dq2nr4cd
  - &server_sandbox age1d4ywpqztawcw0eswn42udt4hhcktdcrm54v9kmt3uspkwkz8e52qx7d5aa
  - &server_omatrix age198gj3dmryk7sya5c77tsrm3gdrct6xh7w7cx4gsfywe675aehu8sw2xw6q
creation_rules:
  - path_regex: secrets/general/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - pgp:
      - *admin_swarsel
      age:
      - *server_nixos
      - *server_sandbox
      - *server_surface
      - *server_stand
      - *server_fourside
      - *server_nbl
  - path_regex: secrets/certs/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - pgp:
      - *admin_swarsel
      age:
      - *server_nixos
      - *server_sandbox
      - *server_surface
      - *server_stand
      - *server_fourside
      - *server_transmiss
  - path_regex: secrets/server/winters/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - pgp:
      - *admin_swarsel
      age:
      - *server_nixos
  - path_regex: secrets/surface/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - pgp:
      - *admin_swarsel
      age:
      - *server_surface
  - path_regex: secrets/nginx/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - pgp:
      - *admin_swarsel
      age:
      - *server_nginx
  - path_regex: secrets/calibre/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - pgp:
      - *admin_swarsel
      age:
      - *server_calibre
  - path_regex: secrets/transmission/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - pgp:
      - *admin_swarsel
      age:
      - *server_transmiss
  - path_regex: secrets/matrix/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - pgp:
      - *admin_swarsel
      age:
      - *server_matrix
  - path_regex: secrets/spotifyd/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - pgp:
      - *admin_swarsel
      age:
      - *server_spotifyd
  - path_regex: secrets/sound/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - pgp:
      - *admin_swarsel
      age:
      - *server_sound
  - path_regex: secrets/sync/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - pgp:
      - *admin_swarsel
      age:
      - *server_sync
  - path_regex: secrets/paperless/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - pgp:
      - *admin_swarsel
      age:
      - *server_paperless
  - path_regex: secrets/sandbox/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - pgp:
      - *admin_swarsel
      age:
      - *server_sandbox
  - path_regex: secrets/omatrix/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - pgp:
      - *admin_swarsel
      age:
      - *server_omatrix