.sops.yaml

# Make a user key
# mkdir -p ~/.config/sops/age
# age-keygen -o ~/.config/sops/age/keys.txt
# chmod 600 ~/.config/sops/age/keys.txt

# Display the user public key:
# age-keygen -y ~/.config/sops/age/keys.txt

# Make a host public key:
# nix-shell -p ssh-to-age
# ssh-to-age -i /etc/ssh/ssh_host_ed25519_key.pub

# Add secrets
# sops secrets/secrets.yaml

# Rekey secrets.yaml after editing recipients in .sops.yaml:
# sops updatekeys secrets/secrets.yaml
keys:
  - &users:
    - &haseeb_workstation age1emuknmcdwt5letup4eatvjxrrllkd06uqhslvzhwr0jkjj9f8ewquz9xur
    - &haseebmajid_curve age1rc26esy506fa0kv2y97sjzfk4g2pr0ctv2rzkacewx5d8urns3zqhr7r7n
  - &hosts:
    - &framework age1kzxen8ynw28h935jnjc9t8cx4p8mv6angk5suvkp6ntu4am9pe4smfw22z
    - &workstation age1fy626vylmpya4t4gyqx6kw4ggn7j79upjgt4jka2gq6lysluhd0s8ytqls
    - &mainboard age1rpqz5vl9tkgje46h43sjgthmqjcltwgm8fm9xdm9yk2ugemuqqrs6jpr43
    - &um790 age1wtkcl8gwwumvzf78ttqy4gh2pwzz724glugs5wah2fcudgfh5pxq3urkpg
    - &ms01 age1uswlqzs3pf99r6e8qq5d3eh44sufe5tdczmfqygeam7vfr96fugqa0pps7
    - &s100 age19pl6jt7ekljfjww4g9anzafdxj0e52mnfnsyd26u5xdemfksqpwsnfwrs5
    - &vps age1968z5kxjrf5nnzmvp7fp70pytkpnaaa0xel7cqr8nt4vtezygfnstuh4dx

creation_rules:
  - path_regex: modules/nixos/roles/kubernetes/secrets.ya?ml$
    key_groups:
    - age:
      - *workstation
      - *haseeb_workstation
      - *haseebmajid_curve
      - *framework
      - *mainboard
      - *um790
      - *ms01
      - *s100

  - path_regex: modules/nixos/secrets.ya?ml$
    key_groups:
    - age:
      - *workstation
      - *framework
      - *haseeb_workstation
      - *haseebmajid_curve
      - *um790
      - *ms01
      - *s100
      - *vps

  - path_regex: modules/nixos/services/secrets.ya?ml$
    key_groups:
    - age:
      - *workstation
      - *framework
      - *haseeb_workstation
      - *haseebmajid_curve
      - *um790
      - *ms01
      - *s100
      - *vps

  - path_regex: modules/home/secrets.ya?ml$
    key_groups:
    - age:
      - *framework
      - *haseeb_workstation
      - *haseebmajid_curve