{ pkgs, inputs, config, ... }: let secretsDirectory = builtins.toString inputs.nix-secrets; secretsFile = "${secretsDirectory}/secrets.yaml"; hostname = config.networking.hostName; username = config.username; in { imports = [ inputs.sops-nix.nixosModules.sops ]; sops = { defaultSopsFile = "${secretsFile}"; validateSopsFiles = false; age = { sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; }; secrets = builtins.merge ({ "passwords/root".neededForUsers = true; }) if username != null then { "passwords/${username}".neededForUsers = true; } else {}; }; }; }