{ config, lib, namespace, ... }:
let
  cfg = config.mjallen.sops;

  user = config.${namespace}.user.name;
  hostname = config.${namespace}.network.hostname;
in
{
  imports = [ ./options.nix ];

  config = lib.mkIf cfg.enable {
    sops = {
      age.keyFile = "/home/${user}/.config/sops/age/keys.txt";
      defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
      validateSopsFiles = false;
      secrets = {
        "ssh-keys-public/desktop-nixos" = {
          path = "/home/${user}/.ssh/id_ed25519.pub";
          mode = "0644";
        };
        "ssh-keys-private/desktop-nixos" = {
          path = "/home/${user}/.ssh/id_ed25519";
          mode = "0600";
        };
      };
    };
  };
}