# Documentation https://github.com/Mic92/sops-nix
# For example see here https://github.com/Mic92/dotfiles/blob/d6114726d859df36ccaa32891c4963ae5717ef7f/nixos/.sops.yaml

# Get the public host key with
# nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'

# Then run
# sops updatekeys secrets.yaml

# The user key should be in ~/.config/sops/age/keys.txt

keys:
  - &jonas age1a2kpues0gayampkn9pn2czhk24r0yl4jnw84qg4gh5l72dflx95qkmyqzv
  - &minoxy age1qddfn6apphafe4muvvv3vguxewa03ay2jlgqkng3uwwzfjw204dsfpt0uu
  - &thinix age1hvnmhkqgmxkgatw74se0vql6glxjtmdcv6zt52yuycpaavd4fulqfhx68a

creation_rules:
  - path_regex: secrets.yaml
    key_groups:
      - age:
        - *jonas
        - *minoxy
        - *thinix