ansible-infra/.sops.yaml

keys:
  admins:
    gpg: &admin_gpg_keys
      - &admin_gpg_djerun EF643F59E008414882232C78FFA8331EEB7D6B70
      - &admin_gpg_stb F155144FC925A1BEA1F8A2C59A2A4CD59BFDC5EC
      - &admin_gpg_jtbx 18DFCE01456DAB52EA38A6584EDC64F35FA1D6A5
      - &admin_gpg_yuri 87AB00D45D37C9E9167B5A5A333448678B60E505
      - &admin_gpg_june 057870A2C72CD82566A3EC983695F4FCBCAE4912
      - &admin_gpg_haegar F38C9D4228FC6F674E322D9C3326D914EB9B8F55
      - &admin_gpg_dario 5DA93D5C9D7320E1BD3522C79C78172B3551C9FD
      - &admin_gpg_echtnurich 8996B62CBD159DCADD3B6DC08BB33A8ABCF7BC4A
      - &admin_gpg_c6ristian B71138A6A8964A3C3B8899857B4F70C356765BAB
      - &admin_gpg_lilly D2E9C0807BF681F5E164DAFC5EE1B61CD90954CD
      - &admin_gpg_langoor 878FEA3CB6A6F6E7CD80ECBE28506E3585F9F533
  hosts:
    chaosknoten:
      age: &host_chaosknoten_age_keys
        - &host_netbox_ansible_pull_age_key age1ss82zwqkj438re78355p886r89csqrrfmkfp8lrrf8v23nza492qza4ey3
        - &host_cloud_ansible_pull_age_key age1gdfhx5hy829uqkw4nwjwlpvl7zqvljguzsnjv0dpwz5q5u7dtf6s90wndt
        - &host_eh22_wiki_ansible_pull_age_key age13nm6hfz66ce4wpn89fye05mag3l3h04etvz6wj7szm3vzrdlfupqhrp3fa
        - &host_grafana_ansible_pull_age_key age1jtusr294t8mzar2qy857v6s329ret9s353y4kuulxwnlyy4dvpjsvyl67m
        - &host_onlyoffice_ansible_pull_age_key age1a27euccw8j23wec76ls8vmzp7mntfcn4v8tkyegmg8alzfhk3suqwm6vgv
        - &host_pretalx_ansible_pull_age_key age133wy6sxhgx3kkwxecra6xf9ey2uhnvtjpgwawwfmpvz0jpd0s5dqe385u3
        - &host_sunders_ansible_pull_age_key age1na0nh9ndnr9cxpnlvstrxskr4fxf4spnkw48ufl7m43f98y40y7shhnvgd
        - &host_wiki_ansible_pull_age_key age1sqs05anv4acculyap35e6vehdxw3g6ycwnvh6hsuv8u33re984zsnqfvqv
        - &host_renovate_ansible_pull_age_key age18qam683rva3ee3wgue7r0ey4ws4jttz4a4dpe3q8kq8lmrp97ezq2cns8d
        - &host_ccchoir_ansible_pull_age_key age19rg2cuj9smv8nzxmr03azfqe69edhep53dep6kvh83paf08zv58sntm0fg
        - &host_tickets_ansible_pull_age_key age16znyzvquuy8467gg27mdwdt8k6kcu3fjrvfm6gnl4nmqp8tuvqaspqgcet
        - &host_keycloak_ansible_pull_age_key age1azkgwrcwqhc6flj7gturptpl2uvay6pd94cam4t6yuk2n4wlnsqsj38hca
        - &host_lists_ansible_pull_age_key age17x20h3m6wgfhereusc224u95ac8aj68fzlkkj5ptvs9c5vlz3usqdu7crq
        - &host_mumble_ansible_pull_age_key age1wnympe3x8ce8hk87cymmt6wvccs4aes5rhhs44hq0s529v5z4g5sfyphwx
        - &host_pad_ansible_pull_age_key age172pk7lyc6p4ewy0f2h6pau5d5sz6z8cq66hm4u4tpzx3an496a2sljx7x5
        - &host_public_reverse_proxy_ansible_pull_age_key age1p7pxgq5kwcpdkhkh3qq4pvnltrdk4gwf60hdhv8ka0mdxmgnjepqyleyen
        - &host_zammad_ansible_pull_age_key age1sv7uhpnk9d3u3je9zzvlux0kd83f627aclpamnz2h3ksg599838qjgrvqs
        - &host_ntfy_ansible_pull_age_key age1dkecypmfuj0tcm2cz8vnvq5drpu2ddhgnfkzxvscs7m4e79gpseqyhr9pg
creation_rules:
  # group vars
  - path_regex: inventories/chaosknoten/group_vars/all.*
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          *host_chaosknoten_age_keys
  # host vars
  - path_regex: inventories/chaosknoten/host_vars/cloud.*
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_cloud_ansible_pull_age_key
  - path_regex: inventories/chaosknoten/host_vars/keycloak.*
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_keycloak_ansible_pull_age_key
  - path_regex: inventories/chaosknoten/host_vars/grafana.*
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_grafana_ansible_pull_age_key
  - path_regex: inventories/chaosknoten/host_vars/pad.*
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_pad_ansible_pull_age_key
  - path_regex: inventories/chaosknoten/host_vars/ccchoir.*
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_ccchoir_ansible_pull_age_key
  - path_regex: inventories/chaosknoten/host_vars/pretalx.*
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_pretalx_ansible_pull_age_key
  - path_regex: inventories/chaosknoten/host_vars/netbox.*
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_netbox_ansible_pull_age_key
  - path_regex: inventories/chaosknoten/host_vars/tickets.*
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_tickets_ansible_pull_age_key
  - path_regex: inventories/chaosknoten/host_vars/onlyoffice.*
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_onlyoffice_ansible_pull_age_key
  - path_regex: inventories/chaosknoten/host_vars/zammad.*
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_zammad_ansible_pull_age_key
  - path_regex: inventories/chaosknoten/host_vars/ntfy.*
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_ntfy_ansible_pull_age_key
  - path_regex: inventories/chaosknoten/host_vars/eh22-wiki.*
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_eh22_wiki_ansible_pull_age_key
  - path_regex: inventories/chaosknoten/host_vars/sunders.*
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_sunders_ansible_pull_age_key
  - path_regex: inventories/chaosknoten/host_vars/wiki.*
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_wiki_ansible_pull_age_key
  - path_regex: inventories/chaosknoten/host_vars/renovate.*
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_renovate_ansible_pull_age_key
  - path_regex: inventories/chaosknoten/host_vars/lists.*
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_lists_ansible_pull_age_key
  - path_regex: inventories/chaosknoten/host_vars/mumble.*
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_mumble_ansible_pull_age_key
  - path_regex: inventories/chaosknoten/host_vars/public-reverse-proxy.*
    key_groups:
      - pgp:
          *admin_gpg_keys
        age:
          - *host_public_reverse_proxy_ansible_pull_age_key
  - path_regex: inventories/z9/host_vars/dooris.*
    key_groups:
      - pgp:
          *admin_gpg_keys
  - path_regex: inventories/z9/host_vars/yate.*
    key_groups:
      - pgp:
          *admin_gpg_keys
  # general
  - key_groups:
      - pgp:
          *admin_gpg_keys
stores:
  yaml:
    indent: 2