# NixOS module: wires sops-nix to the encrypted secrets.yaml shipped by the
# `nix-secrets` flake input, and declares the secrets this host decrypts at
# activation using its SSH host key.
{ lib, inputs, config, ... }:
let
  # Location of the nix-secrets input, as a string.
  secretsRoot = builtins.toString inputs.nix-secrets;
  sopsYaml = "${secretsRoot}/secrets.yaml";

  # True when environment.persistence has a "/persist" entry (opt-in
  # persistence). NOTE(review): this reads config.environment.persistence
  # unconditionally, so it presumably relies on the module that declares
  # that option being imported elsewhere; confirm.
  usesPersist = config.environment.persistence ? "/persist";

  # The host key lives under /persist when opt-in persistence is enabled,
  # otherwise directly under /etc/ssh.
  hostKeyPrefix = lib.optionalString usesPersist "/persist";
in
{
  imports = [ inputs.sops-nix.nixosModules.sops ];

  sops = {
    defaultSopsFile = sopsYaml;

    # Build-time validation of the sops file is switched off, so a missing or
    # malformed secrets.yaml is not caught at build time and would only show
    # up when the secrets are decrypted.
    # NOTE(review): confirm this is still required for this setup; with it
    # off, make sure a failed decryption at activation is noticed.
    validateSopsFiles = false;

    # The SSH ed25519 host private key is used to derive the age identity for
    # decryption. Anyone who can read this key can decrypt every secret
    # encrypted to this host, so it must stay root-only and out of backups
    # and images that leave the machine.
    # NOTE(review): with opt-in persistence the key has to be readable at
    # this path when secrets are decrypted during boot; verify /persist is
    # mounted early enough.
    age.sshKeyPaths = [ (hostKeyPrefix + "/etc/ssh/ssh_host_ed25519_key") ];

    secrets = {
      # neededForUsers makes this secret available before user accounts are
      # created, so it can back a user's password option.
      "passwords/root".neededForUsers = true;

      # Decrypted deploy private key exposed at a fixed path. No owner or
      # mode is set here, so the sops-nix defaults apply (root-owned, 0400
      # at the time of writing); set them explicitly if another account must
      # read the key, rather than loosening permissions by hand.
      "ssh_keys/deploy_key/id_ed25519".path = "/etc/ssh/deploy_key-ssh-ed25519";
    };
  };
}