nixos: backend server

nixos/.sops.yaml

@@ -0,0 +1,17 @@
+keys:
+  # Add key signature below
+  - &admin_antoine C8CEBB1753433CCCD2AF0638BD721F0A3BAE578C
+
+  # Update this signature with phobos'
+  # Run the following line to get the fingerprint and the public key of Phobos
+  # ```
+  # ssh root@phobos "cat /etc/ssh/ssh_host_rsa_key" | nix-shell -p ssh-to-pgp --run "ssh-to-pgp -o phobos.asc"
+  # ```
+  # You have to import the key afterward using `gpg --import phobos.asc`
+  - &srv_phobos 9cb1fda8a56fa7ab852f666fc3592125321adf42 # replace this fingerprint with the new one `gpg --list-keys`
+creation_rules:
+  - path: secrets/phobos.yaml
+    key_groups:
+    - pgp:
+      - *admin_antoine
+      - *srv_phobos