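# Wrapper module for sops-nix secret management.
#
# Declares the `mjallen.sops.*` options listed below and forwards their values
# to the upstream `sops` option tree. `mkModule`, `mkOpt` and `mkBoolOpt` come
# from `lib.mjallen.module`; their definitions are not visible here, so the
# argument order (type, default, description) is presumed from how they are
# called -- TODO confirm.
{ config, lib, ... }:
let
  inherit (lib.mjallen.module) mkModule mkOpt mkBoolOpt;

  # Shorthand for this module's own option values.
  cfg = config.mjallen.sops;
in
mkModule {
  name = "sops";
  description = "SOPS secret management";

  options = {
    # NOTE(review): the default is `null` while the declared type is `path`,
    # which does not admit null. Presumably every consumer is expected to set
    # this explicitly -- confirm, otherwise evaluation fails with a type error
    # rather than a clear "option not set" message.
    defaultSopsFile = mkOpt lib.types.path null "Default sops file.";

    # NOTE(review): a freshly generated key is not yet a recipient of any
    # existing encrypted file; secrets stay undecryptable on that host until
    # its public key is added as a recipient and the files are re-encrypted.
    generateAgeKey = mkBoolOpt true "Whether to automatically generate an age key if one doesn't exist.";

    ageKeyPath =
      mkOpt (lib.types.nullOr lib.types.str) null
        "Custom path to the age key file. If null, will use the default path.";

    # Host SSH private keys that may be used as decryption identities.
    sshKeyPaths = mkOpt (lib.types.listOf lib.types.str) [
      "/etc/ssh/ssh_host_ed25519_key"
    ] "SSH Key paths to use.";

    # NOTE(review): defaults to false here, so a missing or misnamed sops file
    # is not caught at build time and only surfaces when secrets are installed.
    # Consider enabling it on hosts where the sops files live in the flake.
    validateSopsFiles = mkBoolOpt false "Whether to validate that sops files exist.";
  };

  config = {
    sops = {
      inherit (cfg) defaultSopsFile validateSopsFiles;

      age = {
        # sops-nix names this option `generateKey`; `generateAgeKey` is only
        # this module's own option name and does not exist under `sops.age`,
        # so inheriting it verbatim would define an unknown option.
        generateKey = cfg.generateAgeKey;

        # The age private key decrypts every secret this host is a recipient
        # of. The fallback path sits inside the primary user's home directory.
        # NOTE(review): verify the ownership and mode of that file and its
        # parent directories, or set `ageKeyPath` to a root-only location, so
        # that processes running as the user cannot read or replace the key.
        keyFile =
          if cfg.ageKeyPath != null then
            cfg.ageKeyPath
          else
            "${config.users.users.${config.mjallen.user.name}.home}/.config/sops/age/keys.txt";

        inherit (cfg) sshKeyPaths;
      };
    };
  };
}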