{ config, lib, ... }:
let
  cfg = config.mjallen.sops;
in
{
  imports = [ ./options.nix ];

  config = lib.mkIf cfg.enable {
    sops = {
      age.keyFile = "/home/admin/.config/sops/age/keys.txt";
      defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
      validateSopsFiles = false;
      secrets = {
        "ssh-keys-public/jallen-nas" = {
          path = "/home/admin/.ssh/id_ed25519.pub";
          mode = "0644";
        };
        "ssh-keys-private/jallen-nas" = {
          path = "/home/admin/.ssh/id_ed25519";
          mode = "0600";
        };
        "ssh-keys-public/desktop-nixos" = {
          path = "/home/admin/.ssh/authorized_keys";
          mode = "0600";
        };

        "ssh-keys-public/desktop-nixos-root" = {
          path = "/home/admin/.ssh/authorized_keys2";
          mode = "0600";
        };

        "ssh-keys-public/desktop-windows" = {
          path = "/home/admin/.ssh/authorized_keys3";
          mode = "0600";
        };

        "ssh-keys-public/macbook-macos" = {
          path = "/home/admin/.ssh/authorized_keys4";
          mode = "0600";
        };
      };
    };
  };
}