prepare sops and auto fmt devshell hooks

2026-03-13 17:19:02 +01:00 · 2026-03-13 17:19:02 +01:00 · dee37a55e2
commit dee37a55e2
parent 9466ab3656
8 changed files with 205 additions and 4 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -0,0 +1,38 @@
+# SOPS configuration for StuRa HTW Dresden infrastructure
+#
+# This file defines which keys can decrypt which secrets.
+# Add GPG public keys (.asc files) or age keys to keys/hosts/ and keys/users/
+# to grant decryption access to hosts and users respectively.
+
+keys:
+  # Admin/user keys - add GPG public keys here
+  # Example:
+  # - &user_admin_key age1... or pgp fingerprint
+
+  # Host keys - add host-specific keys here
+  # Example:
+  # - &host_proxy_key age1... or pgp fingerprint
+  # - &host_git_key age1... or pgp fingerprint
+
+# Define which keys can access which files
+creation_rules:
+  # Default rule: all secrets can be decrypted by admin keys
+  - path_regex: secrets/.*\.yaml$
+    # key_groups:
+    # - pgp:
+    #   - *user_admin_key
+    # - age:
+    #   - *user_admin_key
+
+  # Host-specific secrets (example)
+  # - path_regex: secrets/proxy/.*\.yaml$
+  #   key_groups:
+  #   - pgp:
+  #     - *user_admin_key
+  #     - *host_proxy_key
+
+  # - path_regex: secrets/git/.*\.yaml$
+  #   key_groups:
+  #   - pgp:
+  #     - *user_admin_key
+  #     - *host_git_key