.sops.nix at main · soopy.moe/gensokyo

soopy.moe / gensokyo
nixos config
gensokyo / .sops.nix
at main 1.7 kB view raw
 1let
 2  # maintainers
 3  age.soopyc_pxl7ag = "age1l3qxt6630dzesdclfm3eqgw3uuhwj09dh6typwlwr6clcv0qhfrqgtj2fk";
 4  # age.soopyc_yub302 = "age1yubikey1qgmfcf0vddslyza7djdekjjk3t3u29d474c5xscmcdye8x3spvhlxxj23xz";
 5  age.soopyc_mbp14 = "age1zkafenrdkkmatjh034yykpzjzzs5fx6kft23jlmsung3dwyufcksds59l2";
 6
 7  # hosts
 8  age.koumakan = "age18h7hya5terghrwawgpny28swlat2nqkdrfd4clk0svujqlz9xfusd3zeqt";
 9  age.satori = "age132qsqclmp5d6x968x5y8amdn90v64rldy3assprr8g8wjdpecvmqwryah8";
10  age.renko = "age1p6n5yh9fy09xspwf29klfsa4zdrhp04q22gvxkz2vvm88vt9tunsdn020s";
11  age.bocchi = "age1kdctxllje2rw3kwpzell0rt6t7mruc3h3j5zfjelnpmahchjlaqs9v9vm9";
12  age.kita = "age1qzma7prftj6d4atqcmatdl9le0tuuqzegm6f8e9gkwrp3pja0aaqs49g7n";
13  age.ryo = "age1tdatk0rrr6uf89g5vpq96wjcjcetkrs6yadkxv47v76q8qhtva2sn7tun2";
14  age.nijika = "age1rzxugsgkpnf0ns0w70swdc3sndjpktx23eucah4w47zcppz56sls2c5e6m";
15
16  everything = [
17    {
18      age = builtins.attrValues age;
19    }
20  ];
21
22  mkHost =
23    name: identities:
24    assert builtins.typeOf identities == "list";
25    {
26      path_regex = "creds/sops/${name}/.*";
27      key_groups = [
28        {
29          age = [
30            # admin
31            age.soopyc_pxl7ag
32            age.soopyc_mbp14
33          ]
34          ++ identities;
35        }
36      ];
37    };
38in
39{
40  # remember to run `just utils update-sops-config` and `sops updatekeys` after editing.
41  creation_rules = [
42    {
43      path_regex = "creds/sops/global/.*";
44      key_groups = everything;
45    }
46
47    (mkHost "koumakan" [ age.koumakan ])
48    (mkHost "satori" [ age.satori ])
49    (mkHost "renko" [ age.renko ])
50
51    (mkHost "bocchi" [ age.bocchi ])
52    (mkHost "kita" [ age.kita ])
53    (mkHost "ryo" [ age.ryo ])
54    (mkHost "nijika" [ age.nijika ])
55  ];
56}