From 8ab3783a2b7b4f88c2df8081c7d67dc52dc452f4 Mon Sep 17 00:00:00 2001
From: = <=>
Date: Mon, 23 Dec 2024 23:52:05 -0500
Subject: [PATCH] Add sops config

---
 .sops.yaml             | 10 ++++++++++
 talos/talos-patch.yaml |  1 +
 2 files changed, 11 insertions(+)
 create mode 100644 .sops.yaml

diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..35ed04a
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,10 @@
+creation_rules:
+  - path_regex: (secret|secrets)\.(yml|yaml)$
+    unencrypted_regex: ^(apiVersion|kind|name|namespace|type)$
+    kms: 'arn:aws:kms:us-east-1:140023401248:key/c51c2cc5-4e8e-484d-b2f0-4d4ec2039938'
+    # kms: 
+    #   - arn: 'arn:aws:kms:us-east-1:140023401248:key/c51c2cc5-4e8e-484d-b2f0-4d4ec2039938'
+    #     aws_profile: home
+    age: 'age1k5y5gj5fzpwtjgzqd4n93h4h9ek9jz8898rva5zsgj7zjet97ytq4dtzjs'
+    hc_vault_transit_uri: 'https://vault.balsillie.net:443/v1/sops/keys/krds'
+  
\ No newline at end of file
diff --git a/talos/talos-patch.yaml b/talos/talos-patch.yaml
index 21743bd..c38b9b3 100644
--- a/talos/talos-patch.yaml
+++ b/talos/talos-patch.yaml
@@ -9,6 +9,7 @@ cluster:
   extraManifests:
     - https://raw.githubusercontent.com/alex1989hu/kubelet-serving-cert-approver/main/deploy/standalone-install.yaml
     - https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
+    # - https://github.com/kubernetes-csi/csi-driver-nfs/blob/v4.9.0/deploy/example/pv-nfs-csi.yaml # TODO follow link and add individual manifests
     # - https://raw.githubusercontent.com/kubernetes/ingress-nginx/refs/tags/controller-v1.11.3/deploy/static/provider/baremetal/deploy.yaml
   inlineManifests:
     - name: calico-installation