refactor(secrets): Moved host specific secrets to subdirs
parent
dab42bd8c2
commit
fd83bd2dc2
3 changed files with 9 additions and 2 deletions
|
@ -1,10 +1,17 @@
|
|||
keys:
|
||||
- &admin_gaspard age1rgu2e75kt4uztr43y6wj70uz2sj3tr9lz58y4h6rk37alq2vwa5q9v35dr
|
||||
- &server_ovh age1th4zyxdg3y5sdza9v3zlezzru7wyqwvk5y0t7jdv97ej3gd6d5hs5mg7cr
|
||||
- &server_pi4 age1th4zyxdg3y5sdza9v3zlezzru7wyqwvk5y0t7jdv97ej3gd6d5hs5mg7cr
|
||||
creation_rules:
|
||||
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
|
||||
- path_regex: secrets/OVHCloud/[^/]+\.(yaml|json|env|ini)$
|
||||
key_groups:
|
||||
- pgp:
|
||||
age:
|
||||
- *admin_gaspard
|
||||
- *server_ovh
|
||||
- path_regex: secrets/pi4/[^/]+\.(yaml|json|env|ini)$
|
||||
key_groups:
|
||||
- pgp:
|
||||
age:
|
||||
- *admin_gaspard
|
||||
- *server_pi4
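Review bot: `&server_pi4` is declared with exactly the same age recipient as `&server_ovh` (both entries in the `keys:` list end in `…hs5mg7cr`), so the two per-host rules encrypt to an identical recipient set and the split into `secrets/OVHCloud/` and `secrets/pi4/` gives no isolation. As written, whoever holds the OVH host key can decrypt everything under `secrets/pi4/`, and unless the Pi really shares that private key it will not be able to decrypt its own files. The anchor should carry the Pi's own public key, `- &server_pi4 <age public key of the pi4 host>`, presumably derived from that machine's SSH host key if it uses the same `sops.age.sshKeyPaths` setup. After fixing it, run `sops updatekeys` on the files under `secrets/pi4/`, and since removing a recipient does not change the data key, rotate it (`sops --rotate`) and any secret values already committed under the shared key.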
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
# This will add secrets.yml to the nix store
|
||||
# You can avoid this by adding a string to the full path instead, i.e.
|
||||
# sops.defaultSopsFile = "/root/.sops/secrets/example.yaml";
|
||||
sops.defaultSopsFile = ../../secrets/OVHCloud.yaml;
|
||||
sops.defaultSopsFile = ../../secrets/OVHCloud/default.yaml;
|
||||
# This will automatically import SSH keys as age keys
|
||||
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
|
||||
|
||||
|
|