{ lib, config, inputs, ... }:

let
  cfg = config.snowhawk.sops;
in
{
  imports = [
    inputs.sops-nix.nixosModules.sops
  ];

  options.snowhawk.sops = {
    enable = lib.mkEnableOption "sops";
  };

  config = lib.mkIf cfg.enable {
    sops = {
      defaultSopsFile = ../secrets.yaml;
      age = {
        sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
        keyFile = "/var/lib/sops-nix/key.txt";
        generateKey = true;
      };
    };
  };
}