.dotfiles/.sops.yaml

# This example uses YAML anchors which allows reuse of multiple keys
# without having to repeat yourself.
# Also see https://github.com/Mic92/dotfiles/blob/master/nixos/.sops.yaml
# for a more complex example.
keys:
  - &users
    - &swarsel 4BE7925262289B476DBBC17B76FD3810215AE097
  - &hosts
    - &winters age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63
    - &twothreetunnel age1g7atkxdlt4ymeh7v7aa2yzr2hq2qkvzrc4r49ugttm3n582ymv9qrmpk8d
    - &liliputsteps age1ly2endyt0y9xyddj6yuj4nw6fa3ltvzlvew4cr4lzs6dv8dkavpqadmyxx
    - &stoicclub age15klj4t7gpfp69472mne4ue62pp6m4e04dmjyw7yf30qtqd3vl3uqjmcyxm
    - &belchsfactory age1k73gy5em3js9zklnnkzp5hme9k04lny32fgahmzddknjw5c295asdyr4x6
    - &eagleland age1cmzh82q8k59yzceuuy2epmqu22g7m84gqvq056mhgehwpmvjadfsc3glc8
    - &hintbooth age1hsumymvh5mkqlaynrp9lv2w696yk3wtjzlyfmrpeuvh9u2tlwceqh3563x
    - &bakery age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh
    - &toto age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl
    - &surface age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg
    - &nbl age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy
    - &moonside age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh
creation_rules:
  - path_regex: secrets/general/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *winters
      - *twothreetunnel
      - *liliputsteps
      - *stoicclub
      - *belchsfactory
      - *eagleland
      - *hintbooth
      - *bakery
      - *toto
      - *surface
      - *nbl
      - *moonside
  - path_regex: secrets/repo/[^/]+$
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *winters
      - *twothreetunnel
      - *liliputsteps
      - *stoicclub
      - *belchsfactory
      - *eagleland
      - *hintbooth
      - *bakery
      - *toto
      - *surface
      - *nbl
      - *moonside
  - path_regex: secrets/certs/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *nbl
      - *twothreetunnel
      - *liliputsteps
      - *stoicclub
      - *belchsfactory
      - *eagleland
      - *hintbooth
      - *bakery
      - *toto
      - *surface
      - *winters
      - *moonside
  - path_regex: secrets/work/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *nbl

  - path_regex: secrets/pyramid/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *nbl
  - path_regex: hosts/nixos/x86_64-linux/pyramid/secrets/pii.nix.enc
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *nbl

  - path_regex: secrets/moonside/secrets.yaml
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *moonside
  - path_regex: hosts/nixos/aarch64-linux/moonside/secrets/pii.nix.enc
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *moonside

  - path_regex: secrets/belchsfactory/secrets.yaml
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *belchsfactory
  - path_regex: hosts/nixos/aarch64-linux/belchsfactory/secrets/pii.nix.enc
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *belchsfactory

  - path_regex: secrets/bakery/secrets.yaml
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *bakery
  - path_regex: hosts/nixos/x86_64-linux/bakery/secrets/pii.nix.enc
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *bakery

  - path_regex: secrets/winters/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *winters
  - path_regex: hosts/nixos/x86_64-linux/winters/secrets/pii.nix.enc
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *winters

  - path_regex: secrets/eagleland/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *eagleland

  - path_regex: hosts/nixos/x86_64-linux/eagleland/secrets/pii.nix.enc
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *eagleland



  - path_regex: secrets/stoicclub/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *stoicclub
  - path_regex: hosts/nixos/aarch64-linux/stoicclub/secrets/pii.nix.enc
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *stoicclub

  - path_regex: secrets/liliputsteps/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *liliputsteps
  - path_regex: hosts/nixos/aarch64-linux/liliputsteps/secrets/pii.nix.enc
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *liliputsteps

  - path_regex: secrets/twothreetunnel/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *twothreetunnel
  - path_regex: hosts/nixos/aarch64-linux/twothreetunnel/secrets/pii.nix.enc
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *twothreetunnel

  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/
    key_groups:
    - pgp:
      - *swarsel

  - path_regex: hosts/nixos/x86_64-linux/hintbooth/secrets/
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *hintbooth

  - path_regex: hosts/darwin/nbm-imba-166/secrets/pii.nix.enc
    key_groups:
    - pgp:
      - *swarsel