CCCHH/ansible-infra
CCCHH/ansible-infra
2
2
Fork 2
Code Issues 8 Pull requests 7 Wiki Activity Actions

Compare commits

base: CCCHH:a1891a99885f2a25fa9f95e137fdd5683f65484a
Branches Tags
CCCHH:main
CCCHH:renovate/all-stable-minor-patch
CCCHH:renovate/docker.io-pretix-standalone-2026.x
CCCHH:renovate/docker.io-library-redis-8.x
CCCHH:renovate/docker.io-library-postgres-18.x
CCCHH:renovate/docker.io-library-mariadb-12.x
CCCHH:renovate/docker.io-pretix-standalone-2024.x
CCCHH:renovate/docker.io-pretalx-standalone-2025.x
CCCHH:tmp-chris-hier-bitte
CCCHH:alloy
CCCHH:router-killing-turing
CCCHH:fix_ansible_lint
CCCHH:feature/add-new-router
CCCHH:fux-alerts
CCCHH:move_to_sops
..
compare: CCCHH:99365d06b246992ec62f27c89f66e6046537a4a7
Branches Tags
CCCHH:renovate/all-stable-minor-patch
CCCHH:renovate/docker.io-pretix-standalone-2026.x
CCCHH:renovate/docker.io-library-redis-8.x
CCCHH:renovate/docker.io-library-postgres-18.x
CCCHH:renovate/docker.io-library-mariadb-12.x
CCCHH:renovate/docker.io-pretix-standalone-2024.x
CCCHH:renovate/docker.io-pretalx-standalone-2025.x
CCCHH:main
CCCHH:tmp-chris-hier-bitte
CCCHH:alloy
CCCHH:router-killing-turing
CCCHH:fix_ansible_lint
CCCHH:feature/add-new-router
CCCHH:fux-alerts
CCCHH:move_to_sops

1 commit
a1891a9988 ... 99365d06b2

Author SHA1 Message Date
lilly
99365d06b2
 		only allow sops encryption of *.sops.* files
All checks were successful
/ Ansible Lint (push) Successful in 3m8s
Details
/ Ansible Lint (pull_request) Successful in 3m32s
Details
2026-03-06 19:51:33 +01:00
1 changed files with 30 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

59
.sops.yaml
View file

@ -43,170 +43,171 @@ keys:
creation_rules:
## group vars
- path_regex: "inventories/chaosknoten/group_vars/.+\\.sops\\..+"
- path_regex: inventories/chaosknoten/group_vars/.+\\.sops\\..+
key_groups:
- pgp:
*admin_gpg_keys
age:
*host_chaosknoten_age_keys
- path_regex: "inventories/external/group_vars/.+\\.sops\\..+"
- path_regex: inventories/external/group_vars/.+\\.sops\\..+
key_groups:
- pgp:
*admin_gpg_keys
age:
*host_external_age_keys
- path_regex: "inventories/z9/group_vars/.+\\.sops\\..+"
- path_regex: inventories/z9/group_vars/.+\\.sops\\..+
key_groups:
- pgp:
*admin_gpg_keys
## host vars
# chaosknoten hosts
- path_regex: "inventories/chaosknoten/host_vars/acmedns\\.sops\\..+"
- path_regex: inventories/chaosknoten/host_vars/acmedns\\.sops\\..+
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_acmedns_ansible_pull_age_key
- path_regex: "inventories/chaosknoten/host_vars/cloud\\.sops\\..+"
- path_regex: inventories/chaosknoten/host_vars/cloud\\.sops\\..+
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_cloud_ansible_pull_age_key
- path_regex: "inventories/chaosknoten/host_vars/keycloak\\.sops\\..+"
- path_regex: inventories/chaosknoten/host_vars/keycloak\\.sops\\..+
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_keycloak_ansible_pull_age_key
- path_regex: "inventories/chaosknoten/host_vars/grafana\\.sops\\..+"
- path_regex: inventories/chaosknoten/host_vars/grafana\\.sops\\..+
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_grafana_ansible_pull_age_key
- path_regex: "inventories/chaosknoten/host_vars/pad\\.sops\\..+"
- path_regex: inventories/chaosknoten/host_vars/pad\\.sops\\..+
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_pad_ansible_pull_age_key
- path_regex: "inventories/chaosknoten/host_vars/ccchoir\\.sops\\..+"
- path_regex: inventories/chaosknoten/host_vars/ccchoir\\.sops\\..+
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_ccchoir_ansible_pull_age_key
- path_regex: "inventories/chaosknoten/host_vars/pretalx\\.sops\\..+"
- path_regex: inventories/chaosknoten/host_vars/pretalx\\.sops\\..+
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_pretalx_ansible_pull_age_key
- path_regex: "inventories/chaosknoten/host_vars/netbox\\.sops\\..+"
- path_regex: inventories/chaosknoten/host_vars/netbox\\.sops\\..+
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_netbox_ansible_pull_age_key
- path_regex: "inventories/chaosknoten/host_vars/tickets\\.sops\\..+"
- path_regex: inventories/chaosknoten/host_vars/tickets\\.sops\\..+
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_tickets_ansible_pull_age_key
- path_regex: "inventories/chaosknoten/host_vars/onlyoffice\\.sops\\..+"
- path_regex: inventories/chaosknoten/host_vars/onlyoffice\\.sops\\..+
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_onlyoffice_ansible_pull_age_key
- path_regex: "inventories/chaosknoten/host_vars/zammad\\.sops\\..+"
- path_regex: inventories/chaosknoten/host_vars/zammad\\.sops\\..+
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_zammad_ansible_pull_age_key
- path_regex: "inventories/chaosknoten/host_vars/ntfy\\.sops\\..+"
- path_regex: inventories/chaosknoten/host_vars/ntfy\\.sops\\..+
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_ntfy_ansible_pull_age_key
- path_regex: "inventories/chaosknoten/host_vars/eh22-wiki\\.sops\\..+"
- path_regex: inventories/chaosknoten/host_vars/eh22-wiki\\.sops\\..+
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_eh22_wiki_ansible_pull_age_key
- path_regex: "inventories/chaosknoten/host_vars/sunders\\.sops\\..+"
- path_regex: inventories/chaosknoten/host_vars/sunders\\.sops\\..+
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_sunders_ansible_pull_age_key
- path_regex: "inventories/chaosknoten/host_vars/wiki\\.sops\\..+"
- path_regex: inventories/chaosknoten/host_vars/wiki\\.sops\\..+
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_wiki_ansible_pull_age_key
- path_regex: "inventories/chaosknoten/host_vars/renovate\\.sops\\..+"
- path_regex: inventories/chaosknoten/host_vars/renovate\\.sops\\..+
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_renovate_ansible_pull_age_key
- path_regex: "inventories/chaosknoten/host_vars/lists\\.sops\\..+"
- path_regex: inventories/chaosknoten/host_vars/lists\\.sops\\..+
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_lists_ansible_pull_age_key
- path_regex: "inventories/chaosknoten/host_vars/mumble\\.sops\\..+"
- path_regex: inventories/chaosknoten/host_vars/mumble\\.sops\\..+
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_mumble_ansible_pull_age_key
- path_regex: "inventories/chaosknoten/host_vars/public-reverse-proxy\\.sops\\..+"
- path_regex: inventories/chaosknoten/host_vars/public-reverse-proxy\\.sops\\..+
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_public_reverse_proxy_ansible_pull_age_key
- path_regex: "inventories/chaosknoten/host_vars/spaceapiccc\\.sops\\..+"
- path_regex: inventories/chaosknoten/host_vars/spaceapiccc\\.sops\\..+
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_spaceapiccc_ansible_pull_age_key
- path_regex: "inventories/chaosknoten/host_vars/mjolnir\\.sops\\..+"
- path_regex: inventories/chaosknoten/host_vars/mjolnir\\.sops\\..+
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_mjolnir_ansible_pull_age_key
# external hosts
- path_regex: "inventories/external/host_vars/status\\.sops\\..+"
- path_regex: inventories/external/host_vars/status\\.sops\\..+
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_status_ansible_pull_age_key
# z9 hosts
- path_regex: "inventories/z9/host_vars/dooris\\.sops\\..+"
- path_regex: inventories/z9/host_vars/dooris\\.sops\\..+
key_groups:
- pgp:
*admin_gpg_keys
- path_regex: "inventories/z9/host_vars/yate\\.sops\\..+"
- path_regex: inventories/z9/host_vars/yate\\.sops\\..+
key_groups:
- pgp:
*admin_gpg_keys
# general
- path_regex: ".+\\.sops\\..+"
- path_regex: inventories/.*\\.sops\\..+
key_groups:
- pgp: *admin_gpg_keys
- pgp:
*admin_gpg_keys
stores:
yaml: