# NixOS module: enables sops-nix on the host and declares the secrets it
# decrypts from the `nix-secrets` flake input.
{ pkgs, lib, inputs, config, username, ... }:
let
  # Location of the encrypted secrets input, as a plain string path.
  secretsRoot = builtins.toString inputs.nix-secrets;
  sopsYaml = "${secretsRoot}/secrets.yaml";

  # True when a "/persist" entry is declared under environment.persistence.
  # NOTE(review): reading config.environment.persistence assumes a module that
  # defines that option (e.g. impermanence) is imported elsewhere; confirm.
  persistEnabled = config.environment.persistence ? "/persist";

  # Not referenced anywhere below; kept from the original bindings.
  hostname = config.networking.hostName;

  # The host's SSH ed25519 private key is used as the age identity. When
  # "/persist" is declared the key is read from there, otherwise from /etc/ssh.
  # Anyone who can read this file can decrypt every secret encrypted to this
  # host, so its permissions and backups deserve the same care as the secrets.
  hostKeyPath =
    (lib.optionalString persistEnabled "/persist") + "/etc/ssh/ssh_host_ed25519_key";
in
{
  imports = [ inputs.sops-nix.nixosModules.sops ];

  sops.defaultSopsFile = sopsYaml;

  # Skips sops-nix's evaluation-time check of the sops file, so a missing or
  # wrongly-keyed secrets.yaml is only noticed when secrets are decrypted on
  # the host, not when the configuration is built.
  sops.validateSopsFiles = false;

  sops.age.sshKeyPaths = [ hostKeyPath ];

  # Must be available before user accounts are created, which is what
  # neededForUsers requests (e.g. for use as a hashed password file).
  sops.secrets."passwords/root" = {
    neededForUsers = true;
  };

  # Exposed at a fixed path under /etc/ssh. No owner or mode is set here, so
  # the sops-nix defaults apply (root-owned, 0400).
  sops.secrets."ssh_keys/deploy_key/id_ed25519" = {
    path = "/etc/ssh/deploy_key-ssh-ed25519";
  };
}