infrastructure/.sops.yaml

keys:
- &kat CD8CE78CB0B3BDD4 # https://inskip.me/pubkey.asc
- &mew 65BD3044771CB6FB
- &shanghai_osh age1ua5dukhxsmztpwqrcd25zyvdqhww565dn3uj5mqm7evg9khfjfnq66zywn
- &nue_osh age19wwvlh83p4a3t76j8wzcmh2ns9w348ttff5n9h3zwnmxhm3vtgyqg7qh6x
- &hakurei_osh age12ze362pu5mza6ef9akrptr7hfe4auaqul4rkta7kyy2tnrstqensgmujeq
- &reimu_osh age176uyyyk7veqnzmm8xzwfhf0u23m6hm02cldlfkldunqe6std0gcq6lg057
- &utsuho_osh age15hmlkd9p5rladsjzpmvrh6u34xvggu9mzdsdxdj3ms43tltxeuhq4g7g9k
- &aya_osh age10t6kc5069cyky929vvxk8aznqyxpkx3k5h5rmlyz83xtjmr22ahqe8mzes
- &tewi_gen age17haatqc7gpk9t690affyqcvwmhmz0us95en2r7qpqzw29tpq3ffspld0cf
- &tewi_osh age172nhlv3py990k2rgw64hy27hffmnpv6ssxyu9fepww7zxfgg347qna4gzt
- &tei_osh age1a2quf2ekkj94ygu7wgvhrvh44fwn32c0l2cwvgvjh23wst90s54szdsvgr
- &mediabox_osh age16klpkaut5759dut8mdm3jn0rnp8w6kxyvs9n6ntqrdsayjtd7upqlvw489
- &litterbox_osh age1xg6zm9t25wjakljm54m38pjdr9q53jysdcl82r5xwkrn0cgyuvvsuh63eh
- &litterbox2_osh age1qjaxj6dtqqr66pvzp8skwhs740w9n4cfcwu0zt9aggk4w0ey8q5qqjk4yc
- &keycloak_osh age1ktmx2szedfnpe5xumnzs8vkk0ffqgga6ved3drtksg9pye6ndsnsnqq488
- &kasen_osh age1fjcafp0j45sz03zq5srnxyq2mujndmn25vceg3wj2cgzymqm73ssmhdgku
- &logistics_osh age1tkkau8vk5h9dh3kemash4eghn7lk84j0hhpmvvf7j6phgcsm9vmsphv0py
- &kuwubernetes_osh age1q2yjpxlqkfhsfxumtmax6zsyt669vlr9ffjks3dpkjf3cqdakcwqt2nt66
- &kuwubernetes_cluster age1nmdv4q8hcyj3s6qevrmc9w2vhd4a8tsj5j5e0cry5utex7vqeprslyjvxz
#- &sakuya_osh age1ehdj6hghtr8sf5s5c03rru4y3a02nwrt694e36tjnd6g7eq4l43qfradn6
- &sakuya_osh age1zq3hetjumlr6tjpsg8skn79f9ayykkk9azm2k6uanqgq4gq06uss5pckd9
- &minecraft_osh age16yjxkz4pzuu5qqenmyh9ecwmqkar6ehclvss7wx7mesdntwwy9ys6e7m3c
- &koishi_osh age1nr0qds8w3gldmdvhwu0p6w2ys8f4sd0h3xy94h9dsafjzttaypxquzmswc
- &goliath_osh age1c4atxfp05u7zm875s6q8p82ve96rqqpq9smktxlur8pk2yc3qvgql46dp9
creation_rules:
- path_regex: 'nixos/secrets/.+\.yaml$'
  shamir_threshold: 1
  key_groups:
  - pgp: &pgp_common
    - *kat
    - *mew
    age: &reisen_common
    - *hakurei_osh
    - *reimu_osh
    - *utsuho_osh
    - *aya_osh
    - *tei_osh
    - *mediabox_osh
    - *litterbox_osh
    - *litterbox2_osh
    - *keycloak_osh
    - *kasen_osh
    - *sakuya_osh
    - *logistics_osh
    - *minecraft_osh
- path_regex: 'modules/extern/secrets/.+\.yaml$'
  shamir_threshold: 1
  key_groups:
  - pgp: &pgp_common
    - *kat
    - *mew
    age: &extern_common
    - *shanghai_osh
    - *nue_osh
    - *koishi_osh
    - *goliath_osh
- path_regex: 'systems/hakurei/secrets\.yaml$'
  shamir_threshold: 1
  key_groups:
  - pgp: *pgp_common
    age:
    - *hakurei_osh
- path_regex: 'systems/reimu/secrets\.yaml$'
  shamir_threshold: 1
  key_groups:
  - pgp: *pgp_common
    age:
    - *reimu_osh
- path_regex: 'systems/utsuho/secrets\.yaml$'
  shamir_threshold: 1
  key_groups:
  - pgp: *pgp_common
    age:
    - *utsuho_osh
- path_regex: 'systems/aya/secrets\.yaml$'
  shamir_threshold: 1
  key_groups:
  - pgp: *pgp_common
    age:
    - *aya_osh
- path_regex: 'systems/sakuya/secrets\.yaml$'
  shamir_threshold: 1
  key_groups:
  - pgp: *pgp_common
    age:
    - *sakuya_osh
- path_regex: 'systems/tewi/secrets\.yaml$'
  shamir_threshold: 1
  key_groups:
  - pgp: *pgp_common
    age:
    - *tewi_gen
    - *tewi_osh
- path_regex: 'systems/tei/secrets\.yaml$'
  shamir_threshold: 1
  key_groups:
  - pgp: *pgp_common
    age:
    - *tei_osh
- path_regex: 'systems/mediabox/secrets\.yaml$'
  shamir_threshold: 1
  key_groups:
  - pgp: *pgp_common
    age:
    - *mediabox_osh
- path_regex: 'systems/litterbox/secrets\.yaml$'
  shamir_threshold: 1
  key_groups:
  - pgp: *pgp_common
    age:
    - *litterbox_osh
- path_regex: 'systems/litterbox-2/secrets\.yaml$'
  shamir_threshold: 1
  key_groups:
  - pgp: *pgp_common
    age:
    - *litterbox2_osh
- path_regex: 'systems/minecraft/secrets\.yaml$'
  shamir_threshold: 1
  key_groups:
    - pgp: *pgp_common
      age:
        - *minecraft_osh
- path_regex: 'systems/kuwubernetes/secrets\.yaml$'
  shamir_threshold: 1
  key_groups:
  - pgp: *pgp_common
    age:
    - *kuwubernetes_osh
- path_regex: 'systems/keycloak/secrets\.yaml$'
  shamir_threshold: 1
  key_groups:
  - pgp: *pgp_common
    age:
    - *keycloak_osh
- path_regex: 'systems/kasen/secrets\.yaml$'
  shamir_threshold: 1
  key_groups:
  - pgp: *pgp_common
    age:
    - *kasen_osh
- path_regex: 'systems/logistics/secrets\.yaml$'
  shamir_threshold: 1
  key_groups:
  - pgp: *pgp_common
    age:
    - *logistics_osh
- path_regex: 'systems/[^/]+/secrets\.yaml$'
  shamir_threshold: 1
  key_groups:
  - pgp: *pgp_common
- path_regex: tf/terraform.tfvars.sops$
  shamir_threshold: 1
  key_groups:
  - pgp: *pgp_common
- path_regex: 'k8s/.*secret.yaml'
  shamir_threshold: 1
  encrypted_suffix: 'Templates'
  key_groups:
  - pgp: *pgp_common
    age:
    - *kuwubernetes_cluster