Add pushing to hrz allowlist

2024-03-31 16:26:11 +02:00 · 2024-03-31 16:26:11 +02:00 · 67083126be
commit 67083126be
parent 8906e6c766
3 changed files with 87 additions and 3 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -4,6 +4,7 @@ keys:

  - &nyarlathotep age1s99d0vlj5qlm287n98jratql5fypvjrxxal0k5jl2aw9dcc8kyvqw5yyt4
  - &bragi age1lqvgpmlemyg9095ujck64u59ma29656zs7a4yxgz4s6u5cld2ccss69jwe
+  - &lobon age12nz7dtc0m5wasxm4r9crtkgwnzvauyfp0xh0n8z8jld0arn9ea9qe0agvn

 creation_rules:
  - path_regex: nixos/machines/nyarlathotep/.*
@ -18,6 +19,12 @@ creation_rules:
        - *nerf
        - *gonne
        - *bragi
+  - path_regex: nixos/machines/lobon/.*
+    key_groups:
+      - age:
+        - *nerf
+        - *gonne
+        - *lobon
  # this is the catchall clause if nothing above machtes. Encrypt to users but not
  # to machines
  - key_groups: