init sops for mail and auth

.sops.yaml

@@ -1,38 +1,17 @@
-# SOPS configuration for StuRa HTW Dresden infrastructure
-#
-# This file defines which keys can decrypt which secrets.
-# Add GPG public keys (.asc files) or age keys to keys/hosts/ and keys/users/
-# to grant decryption access to hosts and users respectively.
-
 keys:
-  # Admin/user keys - add GPG public keys here
-  # Example:
-  # - &user_admin_key age1... or pgp fingerprint
+  - &goeranh age1qp7w80k3qtj79xsl0gwsfrkm037xrlnhm6th7tcyrvufh3szzp6s2pe7ra
+  - &mail age156ak7kc79tuwpv0hk9atl5dg27jqs6ddfqxvr9m4twqgsr23lgvsdmyfpr
+  - &auth age1njnkkr489hfmpn337zna2k3z66y9086t7cpcmz2vn68p4x43aujs6wh0g5
 
-  # Host keys - add host-specific keys here
-  # Example:
-  # - &host_proxy_key age1... or pgp fingerprint
-  # - &host_git_key age1... or pgp fingerprint
 
-# Define which keys can access which files
 creation_rules:
-  # Default rule: all secrets can be decrypted by admin keys
-  - path_regex: secrets/.*\.yaml$
-    # key_groups:
-    # - pgp:
-    #   - *user_admin_key
-    # - age:
-    #   - *user_admin_key
-
-  # Host-specific secrets (example)
-  # - path_regex: secrets/proxy/.*\.yaml$
-  #   key_groups:
-  #   - pgp:
-  #     - *user_admin_key
-  #     - *host_proxy_key
-
-  # - path_regex: secrets/git/.*\.yaml$
-  #   key_groups:
-  #   - pgp:
-  #     - *user_admin_key
-  #     - *host_git_key
+  - path_regex: hosts/mail/secrets.sops.yml$
+    key_groups:
+    - age:
+      - *mail
+      - *goeranh
+  - path_regex: hosts/auth/secrets.sops.yml$
+    key_groups:
+    - age:
+      - *auth
+      - *goeranh