{ config, lib, inputs, ... }: let inherit (lib) mkOption types; cfg = config.vacu.sops; in { imports = [ inputs.sops-nix.nixosModules.sops ]; options.vacu.sops = { enable = mkOption { type = types.bool; default = true; }; secretsFolder = mkOption { type = types.path; default = "${inputs.self}/secrets"; defaultText = "/secrets"; }; }; config = lib.mkIf cfg.enable { sops = { defaultSopsFile = lib.mkDefault (cfg.secretsFolder + "/hosts/${config.vacu.hostname}.yaml"); age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; gnupg.sshKeyPaths = [ ]; # explicitly empty to disable gnupg; I don't use it and it takes up space on minimal configs }; }; }