refactor(secrets): Moved host specific secrets to subdirs
parent
dab42bd8c2
commit
fd83bd2dc2
3 changed files with 9 additions and 2 deletions
|
@ -1,10 +1,17 @@
|
||||||
keys:
|
keys:
|
||||||
- &admin_gaspard age1rgu2e75kt4uztr43y6wj70uz2sj3tr9lz58y4h6rk37alq2vwa5q9v35dr
|
- &admin_gaspard age1rgu2e75kt4uztr43y6wj70uz2sj3tr9lz58y4h6rk37alq2vwa5q9v35dr
|
||||||
- &server_ovh age1th4zyxdg3y5sdza9v3zlezzru7wyqwvk5y0t7jdv97ej3gd6d5hs5mg7cr
|
- &server_ovh age1th4zyxdg3y5sdza9v3zlezzru7wyqwvk5y0t7jdv97ej3gd6d5hs5mg7cr
|
||||||
|
- &server_pi4 age1th4zyxdg3y5sdza9v3zlezzru7wyqwvk5y0t7jdv97ej3gd6d5hs5mg7cr
|
||||||
creation_rules:
|
creation_rules:
|
||||||
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
|
- path_regex: secrets/OVHCloud/[^/]+\.(yaml|json|env|ini)$
|
||||||
key_groups:
|
key_groups:
|
||||||
- pgp:
|
- pgp:
|
||||||
age:
|
age:
|
||||||
- *admin_gaspard
|
- *admin_gaspard
|
||||||
- *server_ovh
|
- *server_ovh
|
||||||
|
- path_regex: secrets/pi4/[^/]+\.(yaml|json|env|ini)$
|
||||||
|
key_groups:
|
||||||
|
- pgp:
|
||||||
|
age:
|
||||||
|
- *admin_gaspard
|
||||||
|
- *server_pi4
|
||||||
|
|
|
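Review bot: The new `&server_pi4` anchor carries exactly the same age recipient as `&server_ovh` (`age1th4zyx…5mg7cr`), so the `secrets/pi4/` creation rule encrypts to the OVH host's key rather than to a key held by the pi4. As written, the OVH server can decrypt every file under `secrets/pi4/`, and unless both machines share one SSH host key the pi4 cannot decrypt its own secrets, which defeats the per-host separation this commit sets up. Replace the value with the recipient derived from the pi4's own host key, i.e. `- &server_pi4 <AGE_PUBLIC_KEY_OF_PI4>`, then run `sops updatekeys` on the files under `secrets/pi4/` so the OVH recipient is dropped from them. A short comment above each anchor naming the host and the key it was derived from would make a copy-paste like this easier to spot in review.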
@ -2,7 +2,7 @@
|
||||||
# This will add secrets.yml to the nix store
|
# This will add secrets.yml to the nix store
|
||||||
# You can avoid this by adding a string to the full path instead, i.e.
|
# You can avoid this by adding a string to the full path instead, i.e.
|
||||||
# sops.defaultSopsFile = "/root/.sops/secrets/example.yaml";
|
# sops.defaultSopsFile = "/root/.sops/secrets/example.yaml";
|
||||||
sops.defaultSopsFile = ../../secrets/OVHCloud.yaml;
|
sops.defaultSopsFile = ../../secrets/OVHCloud/default.yaml;
|
||||||
# This will automatically import SSH keys as age keys
|
# This will automatically import SSH keys as age keys
|
||||||
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
|
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
|
||||||
|
|
||||||
|
|