secrets: slight adjustment
This commit is contained in:
parent
50f8612308
commit
635c1d97a6
SSH key fingerprint:
SHA256:8oWGKciPALWut/6WA27oFKofX+6Wtc0gQnsefXLQx/8
3 changed files with 11 additions and 8 deletions
17
.sops.yaml
17
.sops.yaml
|
|
@ -1,12 +1,15 @@
|
|||
keys:
|
||||
# Users
|
||||
- &users:
|
||||
- &guanranwang age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq
|
||||
|
||||
- &admin_guanranwang age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq
|
||||
|
||||
# Hosts
|
||||
# nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
|
||||
- &server_81fw age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp
|
||||
- &hosts:
|
||||
- &aristotle age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp
|
||||
creation_rules:
|
||||
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
|
||||
- path_regex: users/guanranwang/secrets.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *admin_guanranwang
|
||||
- *server_81fw
|
||||
- age:
|
||||
- *guanranwang
|
||||
- *aristotle
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@
|
|||
|
||||
### sops-nix
|
||||
sops = {
|
||||
defaultSopsFile = ../../../secrets/secrets.yaml;
|
||||
defaultSopsFile = ../../../secrets.yaml;
|
||||
age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
|
||||
gnupg.sshKeyPaths = [];
|
||||
secrets = {
|
||||
|
|
|
|||
Loading…
Reference in a new issue