flake/.sops.yaml

keys:
  # Users
  - &guanranwang age129yyxyz686qj88ce5v77ahelqqwt6zz94mzzls0ny4hq76psrd9qhc79kq

  # Hosts
  # nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
  - &aristotle age1hm6pkvt4d640wmjhxg5wxfwkp9zhcqre9klr4zg5kx2qx7vyhuuqlytmnp
  - &blacksteel age174knn6hjtukp32ymcdvjwj6x0j54g7yw02dqfjmua3fkyltwcqrsxccjdk
  - &lightsail-tokyo age1vw4kf5v8cfnhfhvl0eyvqzpvy9hpfv9enffvzyt95tx5mu7s5dxqjqw0fa
creation_rules:
  - path_regex: hosts/blacksteel/secrets.yaml$
    key_groups:
      - age:
          - *guanranwang
          - *blacksteel
  - path_regex: hosts/lightsail-tokyo/secrets.yaml$
    key_groups:
      - age:
          - *guanranwang
          - *lightsail-tokyo
  - path_regex: nixos/profiles/opt-in/mihomo/secrets.yaml$
    key_groups:
      - age:
          - *guanranwang
          - *aristotle
          - *blacksteel
  - path_regex: nixos/profiles/opt-in/wireless/secrets.yaml$
    key_groups:
      - age:
          - *guanranwang
          - *aristotle
          - *blacksteel
  - path_regex: secrets.yaml$
    key_groups:
      - age:
          - *guanranwang
          - *aristotle
          - *blacksteel
          - *lightsail-tokyo