32 lines
1.2 KiB
YAML
32 lines
1.2 KiB
YAML
# XXX: missing: thinknix?, at some point mobile
|
|
# XXX: consider key groups
|
|
keys:
|
|
- &admin_framenix age1q80zzsgglj438verw74jghezn8ndpqldvg0mfxzwtaq4v5h7apusqysavz #framenix, thinknix
|
|
- &admin_workmac age1fft2ynhazjwtjmxsvt37qervtekktdln2968gjp4vcp5sp3jeg5segkz3x #workmac
|
|
# Generate AGE keys from SSH keys with:
|
|
# nix-shell -p ssh-to-age --run 'ssh some.example.com cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
|
|
- &machine_framenix age1kx93vp8l8jd6kz0kvk379udr5z8a9t6946w0ff5t9a2esn47nqzqlfzvwe
|
|
- &machine_workmac age1rpygw5lkhc0a5hq8fuhjzy57ls7pn5u76097z6g2p4nmlctl8pvsxrztd8
|
|
- &machine_thinknix age1ux8jt6dt2t5xc22h0qf6nakmhchf7hvzaj9a4spevjlugpafkyzq6vrn0f #thinknix
|
|
creation_rules:
|
|
# per-host secrets for host specific ones
|
|
- path_regex: hosts/framenix/secrets\.(yaml|json|env|ini)$
|
|
key_groups:
|
|
- age:
|
|
- *admin_framenix
|
|
- *machine_framenix
|
|
- path_regex: hosts/thinknix/secrets\.(yaml|json|env|ini)$
|
|
key_groups:
|
|
- age:
|
|
- *admin_framenix
|
|
- *machine_thinknix
|
|
# shared secrets
|
|
- path_regex: common/secrets\.(yaml|json|env|ini)$
|
|
key_groups:
|
|
- age:
|
|
- *admin_framenix
|
|
- *admin_workmac
|
|
- *machine_workmac
|
|
- *machine_framenix
|
|
- *machine_thinknix
|
|
|