keys:
- &kat CD8CE78CB0B3BDD4 # https://inskip.me/pubkey.asc
- &mew 65BD3044771CB6FB
- &hakurei_osh age12ze362pu5mza6ef9akrptr7hfe4auaqul4rkta7kyy2tnrstqensgmujeq
- &reimu_osh age176uyyyk7veqnzmm8xzwfhf0u23m6hm02cldlfkldunqe6std0gcq6lg057
- &utsuho_osh age15hmlkd9p5rladsjzpmvrh6u34xvggu9mzdsdxdj3ms43tltxeuhq4g7g9k
- &aya_osh age10t6kc5069cyky929vvxk8aznqyxpkx3k5h5rmlyz83xtjmr22ahqe8mzes
- &tewi_gen age17haatqc7gpk9t690affyqcvwmhmz0us95en2r7qpqzw29tpq3ffspld0cf
- &tewi_osh age172nhlv3py990k2rgw64hy27hffmnpv6ssxyu9fepww7zxfgg347qna4gzt
- &tei_osh age1a2quf2ekkj94ygu7wgvhrvh44fwn32c0l2cwvgvjh23wst90s54szdsvgr
- &mediabox_osh age16klpkaut5759dut8mdm3jn0rnp8w6kxyvs9n6ntqrdsayjtd7upqlvw489
- &litterbox_osh age13qgddr326g5je0fpq2r3k940vsr3fh9nlvl9xtcxk3xg2x0k3vsq7pvzaj
- &keycloak_osh age1ktmx2szedfnpe5xumnzs8vkk0ffqgga6ved3drtksg9pye6ndsnsnqq488
- &kuwubernetes_osh age1q2yjpxlqkfhsfxumtmax6zsyt669vlr9ffjks3dpkjf3cqdakcwqt2nt66
- &kuwubernetes_cluster age1nmdv4q8hcyj3s6qevrmc9w2vhd4a8tsj5j5e0cry5utex7vqeprslyjvxz
creation_rules:
- path_regex: 'nixos/secrets/.+\.yaml$'
  shamir_threshold: 1
  key_groups:
  - pgp: &pgp_common
    - *kat
    - *mew
    age: &reisen_common
    - *hakurei_osh
    - *reimu_osh
    - *utsuho_osh
    - *aya_osh
    - *tei_osh
    - *mediabox_osh
    - *litterbox_osh
    - *keycloak_osh
- path_regex: 'systems/hakurei/secrets\.yaml$'
  shamir_threshold: 1
  key_groups:
  - pgp: *pgp_common
    age:
    - *hakurei_osh
- path_regex: 'systems/reimu/secrets\.yaml$'
  shamir_threshold: 1
  key_groups:
  - pgp: *pgp_common
    age:
    - *reimu_osh
- path_regex: 'systems/utsuho/secrets\.yaml$'
  shamir_threshold: 1
  key_groups:
  - pgp: *pgp_common
    age:
    - *utsuho_osh
- path_regex: 'systems/aya/secrets\.yaml$'
  shamir_threshold: 1
  key_groups:
  - pgp: *pgp_common
    age:
    - *aya_osh
- path_regex: 'systems/tewi/secrets\.yaml$'
  shamir_threshold: 1
  key_groups:
  - pgp: *pgp_common
    age:
    - *tewi_gen
    - *tewi_osh
- path_regex: 'systems/tei/secrets\.yaml$'
  shamir_threshold: 1
  key_groups:
  - pgp: *pgp_common
    age:
    - *tei_osh
- path_regex: 'systems/mediabox/secrets\.yaml$'
  shamir_threshold: 1
  key_groups:
  - pgp: *pgp_common
    age:
    - *mediabox_osh
- path_regex: 'systems/litterbox/secrets\.yaml$'
  shamir_threshold: 1
  key_groups:
  - pgp: *pgp_common
    age:
    - *litterbox_osh
- path_regex: 'systems/kuwubernetes/secrets\.yaml$'
  shamir_threshold: 1
  key_groups:
  - pgp: *pgp_common
    age:
    - *kuwubernetes_osh
- path_regex: 'systems/keycloak/secrets\.yaml$'
  shamir_threshold: 1
  key_groups:
  - pgp: *pgp_common
    age:
    - *keycloak_osh
- path_regex: 'systems/[^/]+/secrets\.yaml$'
  shamir_threshold: 1
  key_groups:
  - pgp: *pgp_common
- path_regex: tf/terraform.tfvars.sops$
  shamir_threshold: 1
  key_groups:
  - pgp: *pgp_common
- path_regex: 'k8s/.*secret.yaml'
  shamir_threshold: 1
  encrypted_suffix: 'Templates'
  key_groups:
  - pgp: *pgp_common
    age:
    - *kuwubernetes_cluster