infrastructure/.sops.yaml

keys:
- &kat CD8CE78CB0B3BDD4 # https://inskip.me/pubkey.asc
- &mew 65BD3044771CB6FB
- &hakurei_osh age12ze362pu5mza6ef9akrptr7hfe4auaqul4rkta7kyy2tnrstqensgmujeq
- &tewi_gen age17haatqc7gpk9t690affyqcvwmhmz0us95en2r7qpqzw29tpq3ffspld0cf
- &tewi_osh age172nhlv3py990k2rgw64hy27hffmnpv6ssxyu9fepww7zxfgg347qna4gzt
- &tei_osh age1a2quf2ekkj94ygu7wgvhrvh44fwn32c0l2cwvgvjh23wst90s54szdsvgr
- &mediabox_osh age16klpkaut5759dut8mdm3jn0rnp8w6kxyvs9n6ntqrdsayjtd7upqlvw489
- &kuwubernetes_osh age1q2yjpxlqkfhsfxumtmax6zsyt669vlr9ffjks3dpkjf3cqdakcwqt2nt66
- &kuwubernetes_cluster age1nmdv4q8hcyj3s6qevrmc9w2vhd4a8tsj5j5e0cry5utex7vqeprslyjvxz
creation_rules:
- path_regex: 'nixos/secrets/.+\.yaml$'
  shamir_threshold: 1
  key_groups:
  - pgp: &pgp_common
    - *kat
    - *mew
    age: &reisen_common
    - *hakurei_osh
    - *tei_osh
    - *mediabox_osh
- path_regex: 'systems/hakurei/secrets\.yaml$'
  shamir_threshold: 1
  key_groups:
  - pgp: *pgp_common
    age:
    - *hakurei_osh
- path_regex: 'systems/tewi/secrets\.yaml$'
  shamir_threshold: 1
  key_groups:
  - pgp: *pgp_common
    age:
    - *tewi_gen
    - *tewi_osh
- path_regex: 'systems/tei/secrets\.yaml$'
  shamir_threshold: 1
  key_groups:
  - pgp: *pgp_common
    age:
    - *tei_osh
- path_regex: 'systems/mediabox/secrets\.yaml$'
  shamir_threshold: 1
  key_groups:
  - pgp: *pgp_common
    age:
    - *mediabox_osh
- path_regex: 'systems/kuwubernetes/secrets\.yaml$'
  shamir_threshold: 1
  key_groups:
  - pgp: *pgp_common
    age:
    - *kuwubernetes_osh
- path_regex: 'systems/[^/]+/secrets\.yaml$'
  shamir_threshold: 1
  key_groups:
  - pgp: *pgp_common
- path_regex: tf/terraform.tfvars.sops$
  shamir_threshold: 1
  key_groups:
  - pgp: *pgp_common
- path_regex: 'k8s/[^/]+/secret.yaml'
  shamir_threshold: 1
  key_groups:
  - pgp: *pgp_common
    age:
      *kuwubernetes_cluster