.dotfiles/.sops.yaml

# This example uses YAML anchors which allows reuse of multiple keys
# without having to repeat yourself.
# Also see https://github.com/Mic92/dotfiles/blob/master/nixos/.sops.yaml
# for a more complex example.
keys:
  - &users
    - &swarsel 4BE7925262289B476DBBC17B76FD3810215AE097
  - &hosts
    - &winters age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63
    - &bakery age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh
    - &toto age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl
    - &surface age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg
    - &nbl age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy
    - &milkywell age1glge4e97vgqzh332mqs5990vteezu2m8k4wq3z35jk0q8czw3gks2d7a3h
    - &moonside age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh
creation_rules:
  - path_regex: secrets/general/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *winters
      - *bakery
      - *toto
      - *surface
      - *nbl
      - *milkywell
      - *moonside
  - path_regex: secrets/repo/[^/]+$
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *winters
      - *bakery
      - *toto
      - *surface
      - *nbl
      - *milkywell
      - *moonside
  - path_regex: secrets/certs/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *nbl
      - *bakery
      - *toto
      - *surface
      - *winters
      - *moonside
  - path_regex: secrets/work/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *nbl

  - path_regex: secrets/pyramid/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *nbl
  - path_regex: hosts/nixos/x86_64-linux/pyramid/secrets/pii.nix.enc
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *nbl

  - path_regex: secrets/moonside/secrets.yaml
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *moonside
  - path_regex: hosts/nixos/aarch64-linux/moonside/secrets/pii.nix.enc
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *moonside

  - path_regex: secrets/bakery/secrets.yaml
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *bakery
  - path_regex: hosts/nixos/x86_64-linux/bakery/secrets/pii.nix.enc
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *bakery

  - path_regex: secrets/winters/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *winters
  - path_regex: hosts/nixos/x86_64-linux/winters/secrets/pii.nix.enc
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *winters
      - *moonside

  - path_regex: secrets/milkywell/[^/]+\.(yaml|json|env|ini)$
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *milkywell
  - path_regex: hosts/nixos/aarch64-linux/milkywell/secrets/pii.nix.enc
    key_groups:
    - pgp:
      - *swarsel
      age:
      - *milkywell

  - path_regex: hosts/nixos/x86_64-linux/summers/secrets/
    key_groups:
    - pgp:
      - *swarsel

  - path_regex: hosts/nixos/x86_64-linux/hintbooth/secrets/
    key_groups:
    - pgp:
      - *swarsel

  - path_regex: hosts/darwin/nbm-imba-166/secrets/pii.nix.enc
    key_groups:
    - pgp:
      - *swarsel