.sops.yaml

keys:
  # each key has a corresponding ssh key

  - &users:
    - &admin age1288er8hk6rpfp5rg50hhw5m5xptyppwvrr4kje5l3qysah0m9v7qw47rnc
    
    - &upidapi age1ehtnj2jqzrqz4dhy7d465d0nw80v7hnsddpygtgujyyerfjyjsvsf5q7e7

    - &eradax age15ahjyyulps3sh2zncqg0fmtxtp4mvqmk9mlt4cujgcxzs0q40v8s9lph3y


  - &hosts:
    - &upinix-pc age1jg86srj56t8khvv6enf3vuxyzv8ws5j7rwzy4ar2zyf082ytqcsq43s773

    # - &upinix-laptop age1j35qp3h86grdkzk3m468gqcdpsvlsqnumakgpwc3jjt4a2cfweyqm4ewjl

    # - &minimal-installer-x86_64 age13cn9z4c93t4wm6pr54g6sgl9jtllkljpu74nfxfq7py4vwq4c33swyw3hu

    # - &full-installer-x86_64 age1pv4vess6fmduczjf82f9fzemumjugl67skye6hcwytqxd9kkx9dqatxyg7  
    
    - &eradax-laptop age15ahjyyulps3sh2zncqg0fmtxtp4mvqmk9mlt4cujgcxzs0q40v8s9lph3y


    # host keys stored in infra.yaml/${host name}
    # user keys stored in users/${user name}.yaml/ssh-key

creation_rules:
  # note: only one path_regex can apply per thing so we have
  # to manually add the admin key to each one
  # - path_regex: secrets/*
  #   key_groups:
  #    - age:
  # contains everything that is needed to setup all systems
  - path_regex: secrets/infra.yaml$
    key_groups:
      - age:
          - *admin
          - *upinix-pc
  
  # thins that all host should have accsess to           
  - path_regex: secrets/shared.yaml$
    key_groups:
      - age:
        - *admin
        
        - *eradax-laptop
        # - *upinix-pc
        # - *upinix-laptop

  # host secrets (eg host syncthing, however this shoud not actually be on a host level)
  - path_regex: secrets/hosts/eradax-laptop.yaml$
    key_groups:
      - age:
        - *admin
        
        - *eradax-laptop
        # - *upinix-pc
        # - *upinix-laptop
  
  # - path_regex: secrets/hosts/upinix-pc.yaml$
  #   key_groups:
  #     - age:
  #         - *admin
  #         - *upinix-pc
  #
  # - path_regex: secrets/hosts/upinix-laptop.yaml$
  #   key_groups:
  #     - age:
  #         - *admin
  #         - *upinix-laptop
  # 
  #
  # - path_regex: secrets/hosts/minimal-installer-x86_64.yaml$
  #   key_groups:
  #     - age:
  #         - *admin
  #         - *minimal-installer-x86_64
  #
  # - path_regex: secrets/hosts/full-installer-x86_64.yaml$
  #   key_groups:
  #     - age:
  #         - *admin
  #         - *full-installer-x86_64
  #
  # # user secrets should be basically everything
  - path_regex: secrets/users/eradax.yaml$
    key_groups:
      - age:
          - *admin
  
          - *eradax-laptop
  
          - *eradax

  # - path_regex: secrets/users/upidapi.yaml$
  #   key_groups:
  #     - age:
  #         - *admin
  #
  #         - *upinix-pc
  #         - *upinix-laptop
  #
  #         - *upidapi