flake/.sops.yaml

keys:
  - &guanranwang age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq

  # ssh-to-age < /etc/ssh/ssh_host_ed25519_key.pub
  - &dust age193x79xx8snu82w3t3hax6nruuw57g7pduwnkpvzkzmd7fs5jvfrquqa3sl
  - &pek0 age174knn6hjtukp32ymcdvjwj6x0j54g7yw02dqfjmua3fkyltwcqrsxccjdk
  - &sin0 age1u7srtfpgf83hesmsvtqdqftl8xrjmmp33mlg0aze6ken866ad55qxmzdqd
  - &tyo0 age1vw4kf5v8cfnhfhvl0eyvqzpvy9hpfv9enffvzyt95tx5mu7s5dxqjqw0fa
creation_rules:
  # per host
  - path_regex: ^hosts/dust/secrets.yaml$
    key_groups:
      - age:
          - *guanranwang
          - *dust
  - path_regex: ^hosts/pek0/secrets.yaml$
    key_groups:
      - age:
          - *guanranwang
          - *pek0
  - path_regex: ^hosts/aws/tyo0/secrets.yaml$
    key_groups:
      - age:
          - *guanranwang
          - *tyo0
  - path_regex: ^hosts/vultr/sin0/secrets.yaml$
    key_groups:
      - age:
          - *guanranwang
          - *sin0

  # shared
  - path_regex: ^nixos/profiles/restic/secrets.yaml$
    key_groups:
      - age:
          - *guanranwang
          - *dust
          - *sin0
  - path_regex: ^nixos/profiles/sing-box/secrets.yaml$
    key_groups:
      - age:
          - *guanranwang
          - *dust
          - *pek0
  - path_regex: ^nixos/profiles/sing-box-server/secrets.yaml$
    key_groups:
      - age:
          - *guanranwang
          - *tyo0
          - *sin0

  # opentofu
  - path_regex: ^infra/secrets.yaml$
    key_groups:
      - age:
          - *guanranwang
initial commit 2023-09-19 08:17:43 +08:00			`keys:`
secrets: fix warning 2024-01-28 06:40:56 +08:00			`- &guanranwang age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq`
initial commit 2023-09-19 08:17:43 +08:00
flake: bump 2024-09-16 01:20:38 +08:00			`# ssh-to-age < /etc/ssh/ssh_host_ed25519_key.pub`
hosts: add dust 2024-07-24 00:14:27 +08:00			`- &dust age193x79xx8snu82w3t3hax6nruuw57g7pduwnkpvzkzmd7fs5jvfrquqa3sl`
flake: bump 2024-09-16 01:20:38 +08:00			`- &pek0 age174knn6hjtukp32ymcdvjwj6x0j54g7yw02dqfjmua3fkyltwcqrsxccjdk`
infra: init opentofu 2024-09-22 00:21:30 +08:00			`- &sin0 age1u7srtfpgf83hesmsvtqdqftl8xrjmmp33mlg0aze6ken866ad55qxmzdqd`
flake: bump 2024-09-16 01:20:38 +08:00			`- &tyo0 age1vw4kf5v8cfnhfhvl0eyvqzpvy9hpfv9enffvzyt95tx5mu7s5dxqjqw0fa`
initial commit 2023-09-19 08:17:43 +08:00			`creation_rules:`
nixos: fine grain secrets 2024-10-01 00:15:02 +08:00			`# per host`
			`- path_regex: ^hosts/dust/secrets.yaml$`
			`key_groups:`
			`- age:`
			`- *guanranwang`
			`- *dust`
infra: init opentofu 2024-09-22 00:21:30 +08:00			`- path_regex: ^hosts/pek0/secrets.yaml$`
treewide: update I honestly have no idea how to commit this pile of stuff one by one... 2024-05-24 00:15:10 +08:00			`key_groups:`
			`- age:`
			`- *guanranwang`
flake: bump 2024-09-16 01:20:38 +08:00			`- *pek0`
nixos: fine grain secrets 2024-10-01 00:15:02 +08:00			`- path_regex: ^hosts/aws/tyo0/secrets.yaml$`
lightsail-tokyo: add hysteria forgot to commit... 2024-04-23 05:01:38 +08:00			`key_groups:`
			`- age:`
lightsail-tokyo: add domain and bunch of services 2024-05-03 07:43:48 +08:00			`- *guanranwang`
flake: bump 2024-09-16 01:20:38 +08:00			`- *tyo0`
sin0: add telegram danbooru_img_bot 2024-10-07 16:07:24 +08:00			`- path_regex: ^hosts/vultr/sin0/secrets.yaml$`
			`key_groups:`
			`- age:`
			`- *guanranwang`
			`- *sin0`
nixos: fine grain secrets 2024-10-01 00:15:02 +08:00
			`# shared`
nixos: add restic 2024-09-22 16:31:23 +08:00			`- path_regex: ^nixos/profiles/restic/secrets.yaml$`
			`key_groups:`
			`- age:`
			`- *guanranwang`
			`- *dust`
			`- *sin0`
infra: init opentofu 2024-09-22 00:21:30 +08:00			`- path_regex: ^nixos/profiles/sing-box/secrets.yaml$`
treewide: cleanup 2024-07-10 07:12:02 +08:00			`key_groups:`
			`- age:`
			`- *guanranwang`
hosts: add dust 2024-07-24 00:14:27 +08:00			`- *dust`
flake: bump 2024-09-16 01:20:38 +08:00			`- *pek0`
sin0: add sing-box 2024-09-22 04:19:03 +08:00			`- path_regex: ^nixos/profiles/sing-box-server/secrets.yaml$`
			`key_groups:`
			`- age:`
			`- *guanranwang`
			`- *tyo0`
			`- *sin0`
nixos: fine grain secrets 2024-10-01 00:15:02 +08:00
			`# opentofu`
infra: init opentofu 2024-09-22 00:21:30 +08:00			`- path_regex: ^infra/secrets.yaml$`
			`key_groups:`
			`- age:`
			`- *guanranwang`