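---
# sops configuration: which recipients each secrets file is encrypted to.
# Every key listed in a rule's key group can decrypt the files that rule
# matches, so this file is the access-control list for those secrets.
keys:
  # NOTE(review): this is a 64-bit long key ID, not a full fingerprint.
  # Long key IDs are not guaranteed unique in a keyring; prefer the full
  # 40-hex-digit fingerprint here (<FULL_PGP_FINGERPRINT>), as for pc_main.
  # Quoted so YAML loaders do not read the 0x prefix as a hexadecimal integer.
  - &personal_pgp_key '0x141576B17B4AE789'
  # presumably a machine key rather than a personal one; confirm
  - &pc_main 0DCB1C584AECEB2674BB76C179FE3B714935CDAB
  # presumably the age recipient of the host "venus"; confirm
  - &venus age1l6v7c5cp6sh6typgskwfufzkn3qw4av7r42z7lqyns6mtupytqhs2fg49u
  - &personal_age_key age16p54d6tx3mg0htkzj43q2mzpvlqj4gz63mz5qzx8mpsp5zx4xexsszdhuk

creation_rules:
  # Each rule applies to one specific file under 'secrets/'. sops uses the
  # first rule whose path_regex matches, so keep narrower patterns above
  # broader ones. There is no catch-all rule: a new file under 'secrets/'
  # matches nothing here until a rule is added for it.
  #
  # The dot is escaped so it matches only a literal '.', and single quotes
  # are used because '\.' is not a valid escape in a double-quoted scalar.
  # NOTE(review): the patterns are not anchored at the start, so a path such
  # as 'old-secrets/vpn-config.yaml' also matches; anchor them if that
  # matters for this repository's layout.
  - path_regex: 'secrets/vpn-config\.yaml$'
    key_groups:
      - pgp:
          - *personal_pgp_key
          - *pc_main
  - path_regex: 'secrets/matrix-db\.yaml$'
    key_groups:
      - age:
          - *venus
          - *personal_age_key
  # Host keys for decryption on the target system:
  # sops-nix can use the system's SSH host keys as decryption keys if that
  # is enabled in your NixOS config. That covers the private half only: a
  # host can decrypt a file only if its public key is a recipient in that
  # file's rule above, so the machine keys in the key groups are what grant
  # hosts access. Remove a host's key from a rule and re-encrypt the file
  # (sops updatekeys) to revoke that access.
  # The personal keys in each group ensure your *personal* key can decrypt
  # the file as well.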