z9(hosts): setup ansible-pull for all z9 hosts

2026-03-30 21:54:42 +02:00 · 2026-03-30 21:54:42 +02:00 · 21f51ea2d7
commit 21f51ea2d7
parent 66830eaf30
8 changed files with 963 additions and 426 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -40,6 +40,12 @@ keys:
    external:
      age: &host_external_age_keys
        - &host_status_ansible_pull_age_key age1p546j6whqsyfkjuf674lawrnk2ex653fuvwhcwt46gkrspkq59sqzm5y87
+    z9:
+      age: &host_z9_age_keys
+        - &host_dooris_ansible_pull_age_key age1j0876shgsn7f2thxh9kx9x5uwnh45z6sy2jlk2qz5jhgedm26g5srn9kax
+        - &host_light_ansible_pull_age_key age1llkxtfx4dgnezmukj4ganx4ql9k4ga4ca9zuanf5r568jfp8peeqal490q
+        - &host_waybackproxy_ansible_pull_age_key age197tmckjll9999v5apqh5h70dktdxzxn92uyzce5j7jmesvnneecs9p7m5j
+        - &host_yate_ansible_pull_age_key age1yc9s8r7zt6tc7scfyxc3345khdwqrx0lwj4z6yp56h6rmauev50s5yqr22

 creation_rules:
  ## group vars
@ -59,6 +65,8 @@ creation_rules:
    key_groups:
      - pgp:
          *admin_gpg_keys
+        age:
+          *host_z9_age_keys
  ## host vars
  # chaosknoten hosts
  - path_regex: "inventories/chaosknoten/host_vars/acmedns\\.sops\\..+"
@ -199,10 +207,26 @@ creation_rules:
    key_groups:
      - pgp:
          *admin_gpg_keys
+        age:
+          - *host_dooris_ansible_pull_age_key
+  - path_regex: "inventories/z9/host_vars/light\\.sops\\..+"
+    key_groups:
+      - pgp:
+          *admin_gpg_keys
+        age:
+          - *host_light_ansible_pull_age_key
+  - path_regex: "inventories/z9/host_vars/waybackproxy\\.sops\\..+"
+    key_groups:
+      - pgp:
+          *admin_gpg_keys
+        age:
+          - *host_waybackproxy_ansible_pull_age_key
  - path_regex: "inventories/z9/host_vars/yate\\.sops\\..+"
    key_groups:
      - pgp:
          *admin_gpg_keys
+        age:
+          - *host_yate_ansible_pull_age_key
  # general
  - path_regex: ".+\\.sops\\..+"
    key_groups: