nixvimConfig/modules/nixOS/bundles/core/sops.nix


# NixOS module: enables sops-nix for the host, points it at the repository's
# secrets file, and installs the `sops` CLI system-wide.
{
  pkgs,
  config,
  inputs,
  ...
}: let
  inherit (builtins) attrNames fromJSON readFile;

  # Secrets file location, relative to the directory of this module.
  relSecretsPath = "../../../../secrets/secrets.json";

  # The secrets file is read and parsed during evaluation.
  # NOTE(review): presumably this is a sops-encrypted JSON file, in which
  # key names stay in cleartext and only values are encrypted, so only the
  # device names are usable here. Confirm the file is never committed
  # unencrypted: anything read this way is visible to the evaluator.
  parsedSecrets = fromJSON (readFile ./${relSecretsPath});

  # Names of the syncthing devices declared in the secrets file.
  # Not referenced anywhere in this module as shown; Nix is lazy, so the
  # file is not actually read unless this binding gets used.
  syncthingDeviceNames = attrNames parsedSecrets.syncthing.devices;
in {
  imports = [ inputs.sops-nix.nixosModules.sops ];

  # Make the sops CLI available for editing and re-keying secrets on the host.
  environment.systemPackages = [ pkgs.sops ];

  sops = {
    # Given as a path, so the file is copied into the Nix store, which is
    # world-readable. That is only safe while every value in it is encrypted.
    defaultSopsFile = ./${relSecretsPath};

    # Build-time validation of the sops file is switched off, so a missing
    # file or a missing secret key is not caught when the system is built.
    # NOTE(review): confirm why this is disabled; leaving it on catches
    # such mistakes before deployment.
    validateSopsFiles = false;

    # No secrets are declared here. Declared secrets are decrypted to
    # /run/secrets.
    secrets = { };

    age = {
      # The host's ed25519 SSH key is imported as an age identity, so
      # whoever can read that key can decrypt this host's secrets.
      sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

      # An age key expected to already exist on the filesystem.
      keyFile = "/var/lib/sops-nix/key.txt";

      # Create a key at keyFile when none is present.
      # NOTE(review): a freshly generated key is not a recipient of the
      # existing secrets file until its public key is added and the file
      # is re-encrypted, so decryption would then rely on the SSH host key.
      generateKey = true;
    };
  };
}