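# Option declarations for the `sops` secrets module under `options.${namespace}.sops`.
# Only the option schema lives here; the `config` that consumes these values is
# not part of this file.
{ lib, namespace, ... }:
let
  # Explicit inherit instead of a file-wide `with lib;`, so every helper used
  # below is traceable and nothing from `lib` can shadow a local name.
  inherit (lib) mkEnableOption mkOption types;
in
{
  options.${namespace}.sops = {
    # mkEnableOption already renders "Whether to enable <name>.", so pass only
    # the name (the previous "enable sops" rendered "Whether to enable enable sops.").
    enable = mkEnableOption "sops";

    # Typed as a path: a Nix path literal given here is copied into the
    # world-readable Nix store at evaluation time, so this should only ever
    # point at a sops-encrypted file, never at plaintext secrets.
    defaultSopsFile = mkOption {
      type = types.nullOr types.path;
      default = null;
      description = "Default sops file to use for secrets. If null, will use the system-wide default.";
      example = "/etc/nixos/secrets/secrets.yaml";
    };

    # NOTE(review): where the generated key is written when ageKeyPath is null,
    # and with which ownership/mode, is decided by the consuming config; confirm there.
    generateAgeKey = mkOption {
      type = types.bool;
      default = true;
      description = "Whether to automatically generate an age key if one doesn't exist.";
    };

    # Deliberately a string, not a path: the private key is referenced by
    # location at runtime and is not imported into the Nix store. Callers should
    # not build this value by interpolating a path literal ("${./key.txt}"),
    # which would copy the key into the store.
    ageKeyPath = mkOption {
      type = types.nullOr types.str;
      default = null;
      description = "Custom path to the age key file. If null, will use the default path.";
      example = "/var/lib/sops-nix/custom-key.txt";
    };

    # These are private SSH host keys; strings for the same reason as ageKeyPath.
    # NOTE(review): the example lists an RSA host key; confirm the consumer can
    # derive an age identity from it, since age-from-SSH conversion is commonly
    # limited to ed25519 keys.
    sshKeyPaths = mkOption {
      type = types.listOf types.str;
      default = [ "/etc/ssh/ssh_host_ed25519_key" ];
      description = "List of SSH key paths to use for age decryption.";
      example = [
        "/etc/ssh/ssh_host_ed25519_key"
        "/etc/ssh/ssh_host_rsa_key"
      ];
    };

    # Off by default. NOTE(review): with validation disabled, a missing or
    # mistyped sops file presumably surfaces only when secrets are installed,
    # not at evaluation; confirm against the consuming config.
    validateSopsFiles = mkOption {
      type = types.bool;
      default = false;
      description = "Whether to validate that sops files exist.";
    };
  };
}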