{ inputs, config, osConfig, ... }:
let
  secretsDirectory = builtins.toString inputs.nix-secrets;
  secretsFile = "${secretsDirectory}/secrets.yaml";
  homeDirectory = config.home.homeDirectory;
  username = config.home.username;
  hostname = osConfig.networking.hostName;
in
{
  imports = [
    inputs.sops-nix.homeManagerModules.sops
  ];

  sops = {
    age.keyFile = "${homeDirectory}/.config/sops/age/keys.txt";

    defaultSopsFile = "${secretsFile}";
    validateSopsFiles = false;

    secrets = {
      "ssh_keys/${username}@${hostname}/${username}@${hostname}-ssh-ed25519" = {
        path = "${homeDirectory}/.ssh/${username}@${hostname}-ssh-ed25519";
      };
      "ssh_keys/${username}@${hostname}/${username}@${hostname}-ssh-ed25519.pub" = {
        path = "${homeDirectory}/.ssh/${username}@${hostname}-ssh-ed25519.pub";
      };
      "ssh_keys/deploy_key/deploy_key-ssh-ed25519" = {
        path = "${homeDirectory}/.ssh/deploy_key-ssh-ed25519";
      };
      "ssh_keys/deploy_key/deploy_key-ssh-ed25519.pub" = {
        path = "${homeDirectory}/.ssh/deploy_key-ssh-ed25519.pub";
      };
    };
  };
}