From fd83bd2dc2f52a3e9c8eab9b2974d7ab049f45ee Mon Sep 17 00:00:00 2001
From: GaspardCulis
Date: Tue, 5 Nov 2024 23:31:32 +0100
Subject: [PATCH] refactor(secrets): Moved host specific secrets to subdirs
---
 .sops.yaml | 9 ++++++++-
 hosts/OVHCloud/sops.nix | 2 +-
 secrets/{OVHCloud.yaml => OVHCloud/default.yaml} | 0
 3 files changed, 9 insertions(+), 2 deletions(-)
 rename secrets/{OVHCloud.yaml => OVHCloud/default.yaml} (100%)
diff --git a/.sops.yaml b/.sops.yaml
index 66469cf..e5e0910 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,10 +1,17 @@
 keys:
 - &admin_gaspard age1rgu2e75kt4uztr43y6wj70uz2sj3tr9lz58y4h6rk37alq2vwa5q9v35dr
 - &server_ovh age1th4zyxdg3y5sdza9v3zlezzru7wyqwvk5y0t7jdv97ej3gd6d5hs5mg7cr
+ - &server_pi4 age1th4zyxdg3y5sdza9v3zlezzru7wyqwvk5y0t7jdv97ej3gd6d5hs5mg7cr
 creation_rules:
- - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
+ - path_regex: secrets/OVHCloud/[^/]+\.(yaml|json|env|ini)$
 key_groups:
 - pgp:
 age:
 - *admin_gaspard
 - *server_ovh
+ - path_regex: secrets/pi4/[^/]+\.(yaml|json|env|ini)$
+ key_groups:
+ - pgp:
+ age:
+ - *admin_gaspard
+ - *server_pi4
diff --git a/hosts/OVHCloud/sops.nix b/hosts/OVHCloud/sops.nix
index edbc448..2ec9dff 100644
--- a/hosts/OVHCloud/sops.nix
+++ b/hosts/OVHCloud/sops.nix
@@ -2,7 +2,7 @@
 # This will add secrets.yml to the nix store
 # You can avoid this by adding a string to the full path instead, i.e.
 # sops.defaultSopsFile = "/root/.sops/secrets/example.yaml";
- sops.defaultSopsFile = ../../secrets/OVHCloud.yaml;
+ sops.defaultSopsFile = ../../secrets/OVHCloud/default.yaml;
 # This will automatically import SSH keys as age keys
 sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
diff --git a/secrets/OVHCloud.yaml b/secrets/OVHCloud/default.yaml
similarity index 100%
rename from secrets/OVHCloud.yaml
rename to secrets/OVHCloud/default.yaml
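Review bot: In the `.sops.yaml` hunk, the new `&server_pi4` anchor carries exactly the same age recipient string as `&server_ovh`, so the `secrets/pi4/` rule encrypts to the OVH host's key rather than to a distinct pi4 key. If that value is a copy-paste placeholder, any file created under `secrets/pi4/` would be decryptable by the OVH server and, unless both machines share one SSH host key, not by the pi4 itself, which undoes the per-host separation this refactor is meant to introduce. Set it to the recipient derived from the pi4's own host key, `- &server_pi4 <AGE_RECIPIENT_OF_PI4_HOST_KEY>`, and run `sops updatekeys` on anything already encrypted under that path. Also note that files placed directly under `secrets/` no longer match any creation rule, and that both `path_regex` values are unanchored at the start; a short comment above `creation_rules:` stating the one-directory-per-host convention would help.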