keys: - &guanranwang age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq # ssh-to-age < /etc/ssh/ssh_host_ed25519_key.pub - &dust age193x79xx8snu82w3t3hax6nruuw57g7pduwnkpvzkzmd7fs5jvfrquqa3sl - &pek0 age174knn6hjtukp32ymcdvjwj6x0j54g7yw02dqfjmua3fkyltwcqrsxccjdk - &sin0 age1u7srtfpgf83hesmsvtqdqftl8xrjmmp33mlg0aze6ken866ad55qxmzdqd - &tyo0 age1vw4kf5v8cfnhfhvl0eyvqzpvy9hpfv9enffvzyt95tx5mu7s5dxqjqw0fa creation_rules: # per host - path_regex: ^hosts/dust/secrets.yaml$ key_groups: - age: - *guanranwang - *dust - path_regex: ^hosts/pek0/secrets.yaml$ key_groups: - age: - *guanranwang - *pek0 - path_regex: ^hosts/aws/tyo0/secrets.yaml$ key_groups: - age: - *guanranwang - *tyo0 # shared - path_regex: ^nixos/profiles/restic/secrets.yaml$ key_groups: - age: - *guanranwang - *dust - *sin0 - path_regex: ^nixos/profiles/sing-box/secrets.yaml$ key_groups: - age: - *guanranwang - *dust - *pek0 - path_regex: ^nixos/profiles/sing-box-server/secrets.yaml$ key_groups: - age: - *guanranwang - *tyo0 - *sin0 # opentofu - path_regex: ^infra/secrets.yaml$ key_groups: - age: - *guanranwang