919dd7a sops: Prepare creation rules for new hosts — radicle-infra

Radicle Infrastructure as Code (NixOS, OpenTofu, …)

sops: Prepare creation rules for new hosts

Lorenz Leutgeb committed 11 months ago

commit 919dd7ae12a797209cad8f3c90862645e153a230
parent a37fba1779caea7c7b548397bae7f2589a959919

1 file changed +16 -0

modified .sops.yaml

@@ -5,6 +5,8 @@ seys:

   # Taken from `heartwood/.gitsigners`:
   - &erik    age1kygyyrr6m43lgmy8pq57nc0jfmzr38uv8p5udg956p39ghs4qvnsdzs6nm
   - &seed    age1jemy54kqt4xgglg5f3g3sda5tndsqhjynvdugpy0yknefnw69u7qwymfj4
   - &rosa    age1edrvqxxahlt760rnnq990m2hmeezh4gzl538e2zg5j2axnd37vaqcp0x49
   - &iris    age1m9vcrmqxqcghkk2672wpngwxsj5dk2807kmdze4r05nz7p3pue2s6djkm6
 creation_rules:
   - path_regex: os/host/seed/sops/[^/]+\.(bin|json|yaml|env)$
     key_groups:

@@ -13,3 +15,17 @@ creation_rules:

       - *fintan
       - *erik
       - *seed
   - path_regex: os/host/iris/sops/[^/]+\.(bin|json|yaml|env)$
     key_groups:
     - age:
       - *lorenz
       - *fintan
       - *erik
       - *iris
   - path_regex: os/host/rosa/sops/[^/]+\.(bin|json|yaml|env)$
     key_groups:
     - age:
       - *lorenz
       - *fintan
       - *erik
       - *rosa