refactor(secrets): Moved host specific secrets to subdirs

This commit is contained in:
GaspardCulis 2024-11-05 23:31:32 +01:00
parent dab42bd8c2
commit fd83bd2dc2
3 changed files with 9 additions and 2 deletions

View file

@ -1,10 +1,17 @@
keys: keys:
- &admin_gaspard age1rgu2e75kt4uztr43y6wj70uz2sj3tr9lz58y4h6rk37alq2vwa5q9v35dr - &admin_gaspard age1rgu2e75kt4uztr43y6wj70uz2sj3tr9lz58y4h6rk37alq2vwa5q9v35dr
- &server_ovh age1th4zyxdg3y5sdza9v3zlezzru7wyqwvk5y0t7jdv97ej3gd6d5hs5mg7cr - &server_ovh age1th4zyxdg3y5sdza9v3zlezzru7wyqwvk5y0t7jdv97ej3gd6d5hs5mg7cr
- &server_pi4 age1th4zyxdg3y5sdza9v3zlezzru7wyqwvk5y0t7jdv97ej3gd6d5hs5mg7cr
creation_rules: creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ - path_regex: secrets/OVHCloud/[^/]+\.(yaml|json|env|ini)$
key_groups: key_groups:
- pgp: - pgp:
age: age:
- *admin_gaspard - *admin_gaspard
- *server_ovh - *server_ovh
- path_regex: secrets/pi4/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
age:
- *admin_gaspard
- *server_pi4

View file

@ -2,7 +2,7 @@
# This will add secrets.yml to the nix store # This will add secrets.yml to the nix store
# You can avoid this by adding a string to the full path instead, i.e. # You can avoid this by adding a string to the full path instead, i.e.
# sops.defaultSopsFile = "/root/.sops/secrets/example.yaml"; # sops.defaultSopsFile = "/root/.sops/secrets/example.yaml";
sops.defaultSopsFile = ../../secrets/OVHCloud.yaml; sops.defaultSopsFile = ../../secrets/OVHCloud/default.yaml;
# This will automatically import SSH keys as age keys # This will automatically import SSH keys as age keys
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];