{
  config,
  lib,
  namespace,
  ...
}:
let
  cfg = config.${namespace}.sops;
in
{
  imports = [ ./options.nix ];

  config = {
    sops = {
      age.keyFile = "/home/${config.${namespace}.user.name}/.config/sops/age/keys.txt";
      defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
      validateSopsFiles = false;
      secrets = {
        "github-token" = { };
      };
      templates = {
        ".env".content = ''
          GITHUB_TOKEN = "${config.sops.placeholder.github-token}"
        '';
      };
    };

    programs.zsh.initContent = ''
      if [ -f ${config.sops.templates.".env".path} ]; then
        export $(grep -v '^#' ${config.sops.templates.".env".path} | xargs)
      fi
    '';
  };
}