feat(nix): add sops for secrets

2025-10-29 22:36:06 -07:00 · 2025-10-29 22:36:06 -07:00 · d04ba5d01a
commit d04ba5d01a
parent 89232a7cd1
5 changed files with 75 additions and 3 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -0,0 +1,21 @@
+keys:
+  - &server_lappy age1ew0qvrhjafqcdluupf0etgchh7h7987kgqnfvh7plxe44k8xy94qw9pe5n
+  - &server_tanzanite age1myy382gauvgg77lyaqmj4ty7a9pgzqu85pqufk2rytudg9g8edeq5rupzw
+
+creation_rules:
+  - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
+    key_groups:
+      - age:
+        - *admin_lappy
+  - path_regex: secrets/stitchynyan/[^/]+\.(yaml|json|env|ini)$
+    key_groups:
+      - age:
+        - *admin_lappy
+  - path_regex: secrets/nyadmin/[^/]+\.(yaml|json|env|ini)$
+    key_groups:
+      - age:
+        - *admin_tanzanite
+  - path_regex: secrets/email_accounts/[^/]+\.(yaml|json|env|ini)$
+    key_groups:
+      - age:
+        - *server_tanzanite