{ lib, config, inputs, ... }:

let
  cfg = config.snowhawk.sops;
  home = config.home.homeDirectory;
in
{
  imports = [
    inputs.sops-nix.homeManagerModules.sops
  ];

  options.snowhawk.sops = {
    enable = lib.mkEnableOption "sops";
  };

  config = lib.mkIf cfg.enable {
    sops = {
      age.keyFile = "${home}/.config/sops/age/keys.txt";

      defaultSopsFile = ../../secrets.yaml;
      validateSopsFiles = false;

      secrets = {
        "private_keys/personal_git" = {
          path = "${home}/.ssh/personal_git";
        };
        "private_keys/msiserver" = {
          path = "${home}/.ssh/msiserver";
        };
        "private_keys/caveserver" = {
          path = "${home}/.ssh/caveserver";
        };
        "ssh_hosts/caveserver" = {
          path = "${home}/.ssh/conf.d/caveserver_config";
        };
      };
    };
  };
}