secrets: slight adjustment

Guanran Wang 2023-12-17 18:19:27 +08:00
parent 50f8612308
commit 635c1d97a6
Signed by: nyancat
SSH key fingerprint: SHA256:8oWGKciPALWut/6WA27oFKofX+6Wtc0gQnsefXLQx/8
3 changed files with 11 additions and 8 deletions


@ -1,12 +1,15 @@
keys:
# Users
- &users:
- &guanranwang age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq
- &admin_guanranwang age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq
# Hosts
# nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
- &server_81fw age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp
- &hosts:
- &aristotle age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp
creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
- path_regex: users/guanranwang/secrets.yaml$
key_groups:
- age:
- *admin_guanranwang
- *server_81fw
- *guanranwang
- *aristotle
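Review bot: The rule `path_regex: users/guanranwang/secrets.yaml$` leaves the dot unescaped and has no leading anchor, while the rule it appears to replace escaped it (`\.`), so it also matches names such as `secretsXyaml` and any longer path ending in the same suffix. Because this rule selects the age recipients a newly created file is encrypted to, it is worth keeping exact: `- path_regex: users/guanranwang/secrets\.yaml$`. A leading `^` would tighten it further, but only if the sops version in use matches against the path relative to this config file, which is not visible here. The page has lost its `+`/`-` markers, so this assumes the `users/...` rule and the `*guanranwang`/`*aristotle` recipients are the new side.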


@ -25,7 +25,7 @@
### sops-nix
sops = {
defaultSopsFile = ../../../secrets/secrets.yaml;
defaultSopsFile = ../../../secrets.yaml;
age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
gnupg.sshKeyPaths = [];
secrets = {