
1 commit

cafdb1aa30
only allow sops encryption of *.sops.* files
All checks were successful
/ Ansible Lint (push) Successful in 7m12s
/ Ansible Lint (pull_request) Successful in 18m12s
2026-03-05 20:32:15 +01:00


@ -43,168 +43,168 @@ keys:
creation_rules: creation_rules:
## group vars ## group vars
- path_regex: inventories/chaosknoten/group_vars/*.sops.* - path_regex: inventories/chaosknoten/group_vars/.+\\.sops\\..+
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
*host_chaosknoten_age_keys *host_chaosknoten_age_keys
- path_regex: inventories/external/group_vars/*.sops.* - path_regex: inventories/external/group_vars/.+\\.sops\\..+
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
*host_external_age_keys *host_external_age_keys
- path_regex: inventories/z9/group_vars/*.sops.* - path_regex: inventories/z9/group_vars/.+\\.sops\\..+
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
## host vars ## host vars
# chaosknoten hosts # chaosknoten hosts
- path_regex: inventories/chaosknoten/host_vars/acmedns.sops.* - path_regex: inventories/chaosknoten/host_vars/acmedns\\.sops\\..+
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_acmedns_ansible_pull_age_key - *host_acmedns_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/cloud.sops.* - path_regex: inventories/chaosknoten/host_vars/cloud\\.sops\\..+
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_cloud_ansible_pull_age_key - *host_cloud_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/keycloak.sops.* - path_regex: inventories/chaosknoten/host_vars/keycloak\\.sops\\..+
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_keycloak_ansible_pull_age_key - *host_keycloak_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/grafana.sops.* - path_regex: inventories/chaosknoten/host_vars/grafana\\.sops\\..+
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_grafana_ansible_pull_age_key - *host_grafana_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/pad.sops.* - path_regex: inventories/chaosknoten/host_vars/pad\\.sops\\..+
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_pad_ansible_pull_age_key - *host_pad_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/ccchoir.sops.* - path_regex: inventories/chaosknoten/host_vars/ccchoir\\.sops\\..+
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_ccchoir_ansible_pull_age_key - *host_ccchoir_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/pretalx.sops.* - path_regex: inventories/chaosknoten/host_vars/pretalx\\.sops\\..+
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_pretalx_ansible_pull_age_key - *host_pretalx_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/netbox.sops.* - path_regex: inventories/chaosknoten/host_vars/netbox\\.sops\\..+
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_netbox_ansible_pull_age_key - *host_netbox_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/tickets.sops.* - path_regex: inventories/chaosknoten/host_vars/tickets\\.sops\\..+
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_tickets_ansible_pull_age_key - *host_tickets_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/onlyoffice.sops.* - path_regex: inventories/chaosknoten/host_vars/onlyoffice\\.sops\\..+
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_onlyoffice_ansible_pull_age_key - *host_onlyoffice_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/zammad.sops.* - path_regex: inventories/chaosknoten/host_vars/zammad\\.sops\\..+
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_zammad_ansible_pull_age_key - *host_zammad_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/ntfy.sops.* - path_regex: inventories/chaosknoten/host_vars/ntfy\\.sops\\..+
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_ntfy_ansible_pull_age_key - *host_ntfy_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/eh22-wiki.sops.* - path_regex: inventories/chaosknoten/host_vars/eh22-wiki\\.sops\\..+
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_eh22_wiki_ansible_pull_age_key - *host_eh22_wiki_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/sunders.sops.* - path_regex: inventories/chaosknoten/host_vars/sunders\\.sops\\..+
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_sunders_ansible_pull_age_key - *host_sunders_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/wiki.sops.* - path_regex: inventories/chaosknoten/host_vars/wiki\\.sops\\..+
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_wiki_ansible_pull_age_key - *host_wiki_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/renovate.sops.* - path_regex: inventories/chaosknoten/host_vars/renovate\\.sops\\..+
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_renovate_ansible_pull_age_key - *host_renovate_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/lists.sops.* - path_regex: inventories/chaosknoten/host_vars/lists\\.sops\\..+
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_lists_ansible_pull_age_key - *host_lists_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/mumble.sops.* - path_regex: inventories/chaosknoten/host_vars/mumble\\.sops\\..+
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_mumble_ansible_pull_age_key - *host_mumble_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/public-reverse-proxy.sops.* - path_regex: inventories/chaosknoten/host_vars/public-reverse-proxy\\.sops\\..+
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_public_reverse_proxy_ansible_pull_age_key - *host_public_reverse_proxy_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/spaceapiccc.sops.* - path_regex: inventories/chaosknoten/host_vars/spaceapiccc\\.sops\\..+
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_spaceapiccc_ansible_pull_age_key - *host_spaceapiccc_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/mjolnir.sops.* - path_regex: inventories/chaosknoten/host_vars/mjolnir\\.sops\\..+
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_mjolnir_ansible_pull_age_key - *host_mjolnir_ansible_pull_age_key
# external hosts # external hosts
- path_regex: inventories/external/host_vars/status.sops.* - path_regex: inventories/external/host_vars/status\\.sops\\..+
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
age: age:
- *host_status_ansible_pull_age_key - *host_status_ansible_pull_age_key
# z9 hosts # z9 hosts
- path_regex: inventories/z9/host_vars/dooris.sops.* - path_regex: inventories/z9/host_vars/dooris\\.sops\\..+
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
- path_regex: inventories/z9/host_vars/yate.sops.* - path_regex: inventories/z9/host_vars/yate\\.sops\\..+
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
# general # general
- path_regex: inventories/**/*.sops.* - path_regex: inventories/**/*\\.sops\\..+
key_groups: key_groups:
- pgp: - pgp:
*admin_gpg_keys *admin_gpg_keys
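Review bot: The catch-all rule at the end of this hunk still uses glob syntax on the new side (`inventories/**/*\\.sops\\..+`), while every other rule was converted to a regular expression. sops compiles `path_regex` with Go's regexp package, where `/*` means "zero or more slashes" and the stacked `**` is, as far as I know, rejected as a nested repetition, so this rule probably fails to compile or does not match as intended; `path_regex: inventories/.+\.sops\..+` would express the intent. Separately, the page shows a doubled backslash inside an unquoted YAML scalar, which YAML keeps literally. If that is really what the file contains rather than a rendering artifact, `\\.` means a literal backslash followed by any character and none of the rules would match a real path, so a single `\.` is what is wanted. Running `sops` against one file per inventory after this change would confirm that each path resolves to the expected key group.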