CCCHH/ansible-infra
CCCHH/ansible-infra
2
2
Fork 1
Code Issues 8 Pull requests 7 Wiki Activity Actions

Compare commits

base: CCCHH:cafdb1aa3055412846c2d295702ddd88f837aaaf
Branches Tags
CCCHH:main
CCCHH:renovate/all-stable-minor-patch
CCCHH:renovate/docker.io-pretix-standalone-2026.x
CCCHH:renovate/docker.io-library-redis-8.x
CCCHH:renovate/docker.io-library-postgres-18.x
CCCHH:renovate/docker.io-library-mariadb-12.x
CCCHH:renovate/docker.io-pretix-standalone-2024.x
CCCHH:renovate/docker.io-pretalx-standalone-2025.x
CCCHH:tmp-chris-hier-bitte
CCCHH:alloy
CCCHH:router-killing-turing
CCCHH:fix_ansible_lint
CCCHH:feature/add-new-router
CCCHH:fux-alerts
CCCHH:move_to_sops
...
compare: CCCHH:7f80bb5e7ced9035526a03f1fc87a6931c72d37d
Branches Tags
CCCHH:renovate/all-stable-minor-patch
CCCHH:renovate/docker.io-pretix-standalone-2026.x
CCCHH:renovate/docker.io-library-redis-8.x
CCCHH:renovate/docker.io-library-postgres-18.x
CCCHH:renovate/docker.io-library-mariadb-12.x
CCCHH:renovate/docker.io-pretix-standalone-2024.x
CCCHH:renovate/docker.io-pretalx-standalone-2025.x
CCCHH:main
CCCHH:tmp-chris-hier-bitte
CCCHH:alloy
CCCHH:router-killing-turing
CCCHH:fix_ansible_lint
CCCHH:feature/add-new-router
CCCHH:fux-alerts
CCCHH:move_to_sops

1 commit
cafdb1aa30 ... 7f80bb5e7c

Author SHA1 Message Date
lilly
7f80bb5e7c
 		only allow sops encryption of *.sops.* files
Some checks failed
/ Ansible Lint (pull_request) Has been cancelled
Details
/ Ansible Lint (push) Has been cancelled
Details
2026-03-05 20:23:36 +01:00
1 changed files with 29 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

57
.sops.yaml
View file

@ -43,168 +43,169 @@ keys:
creation_rules:
## group vars
- path_regex: inventories/chaosknoten/group_vars/all.*
- path_regex: inventories/chaosknoten/group_vars/*.sops.*
key_groups:
- pgp:
*admin_gpg_keys
age:
*host_chaosknoten_age_keys
- path_regex: inventories/external/group_vars/all.*
- path_regex: inventories/external/group_vars/*.sops.*
key_groups:
- pgp:
*admin_gpg_keys
age:
*host_external_age_keys
- path_regex: inventories/z9/group_vars/all.*
- path_regex: inventories/z9/group_vars/*.sops.*
key_groups:
- pgp:
*admin_gpg_keys
## host vars
# chaosknoten hosts
- path_regex: inventories/chaosknoten/host_vars/acmedns.*
- path_regex: inventories/chaosknoten/host_vars/acmedns.sops.*
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_acmedns_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/cloud.*
- path_regex: inventories/chaosknoten/host_vars/cloud.sops.*
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_cloud_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/keycloak.*
- path_regex: inventories/chaosknoten/host_vars/keycloak.sops.*
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_keycloak_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/grafana.*
- path_regex: inventories/chaosknoten/host_vars/grafana.sops.*
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_grafana_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/pad.*
- path_regex: inventories/chaosknoten/host_vars/pad.sops.*
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_pad_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/ccchoir.*
- path_regex: inventories/chaosknoten/host_vars/ccchoir.sops.*
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_ccchoir_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/pretalx.*
- path_regex: inventories/chaosknoten/host_vars/pretalx.sops.*
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_pretalx_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/netbox.*
- path_regex: inventories/chaosknoten/host_vars/netbox.sops.*
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_netbox_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/tickets.*
- path_regex: inventories/chaosknoten/host_vars/tickets.sops.*
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_tickets_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/onlyoffice.*
- path_regex: inventories/chaosknoten/host_vars/onlyoffice.sops.*
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_onlyoffice_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/zammad.*
- path_regex: inventories/chaosknoten/host_vars/zammad.sops.*
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_zammad_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/ntfy.*
- path_regex: inventories/chaosknoten/host_vars/ntfy.sops.*
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_ntfy_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/eh22-wiki.*
- path_regex: inventories/chaosknoten/host_vars/eh22-wiki.sops.*
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_eh22_wiki_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/sunders.*
- path_regex: inventories/chaosknoten/host_vars/sunders.sops.*
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_sunders_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/wiki.*
- path_regex: inventories/chaosknoten/host_vars/wiki.sops.*
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_wiki_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/renovate.*
- path_regex: inventories/chaosknoten/host_vars/renovate.sops.*
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_renovate_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/lists.*
- path_regex: inventories/chaosknoten/host_vars/lists.sops.*
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_lists_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/mumble.*
- path_regex: inventories/chaosknoten/host_vars/mumble.sops.*
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_mumble_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/public-reverse-proxy.*
- path_regex: inventories/chaosknoten/host_vars/public-reverse-proxy.sops.*
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_public_reverse_proxy_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/spaceapiccc.*
- path_regex: inventories/chaosknoten/host_vars/spaceapiccc.sops.*
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_spaceapiccc_ansible_pull_age_key
- path_regex: inventories/chaosknoten/host_vars/mjolnir.*
- path_regex: inventories/chaosknoten/host_vars/mjolnir.sops.*
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_mjolnir_ansible_pull_age_key
# external hosts
- path_regex: inventories/external/host_vars/status.*
- path_regex: inventories/external/host_vars/status.sops.*
key_groups:
- pgp:
*admin_gpg_keys
age:
- *host_status_ansible_pull_age_key
# z9 hosts
- path_regex: inventories/z9/host_vars/dooris.*
- path_regex: inventories/z9/host_vars/dooris.sops.*
key_groups:
- pgp:
*admin_gpg_keys
- path_regex: inventories/z9/host_vars/yate.*
- path_regex: inventories/z9/host_vars/yate.sops.*
key_groups:
- pgp:
*admin_gpg_keys
# general
- key_groups:
- path_regex: inventories/**/*.sops.*
key_groups:
- pgp:
*admin_gpg_keys