{
  config,
  inputs,
  ...
}: let
  inherit (inputs) mysecrets;
  hostName =
    if (config.networking.hostName == "vylxae")
    then "sarien"
    else config.networking.hostName;
  sopsFile = mysecrets + "/hosts/${hostName}.yaml";
  dotSsh = name: "/home/user/.ssh/" + name;
  sshKey = {
    mode = "0400";
    owner = "user";
  };
in {
  imports = with inputs; [
    sops-nix.nixosModules.sops
  ];

  sops = {
    age = {
      sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
      keyFile = "/var/lib/sops-nix/key.txt";
      generateKey = true;
    };
    defaultSopsFile = mysecrets + "/common.yaml";
    secrets = {
      "user-password-hashed".neededForUsers = true;
      "ssh-config" = {
        path = dotSsh "config";
        mode = "0400";
        owner = "user";
      };
      "ssh-${hostName}-user" = {
        inherit sopsFile;
        inherit (sshKey) mode owner;
        path = dotSsh "id_ed25519";
      };
      "ssh-${hostName}-user.pub" = {
        inherit sopsFile;
        inherit (sshKey) mode owner;
        path = dotSsh "id_ed25519.pub";
      };
      "ssh-unexplrd" = {
        inherit (sshKey) mode owner;
        path = dotSsh "id_unexplrd_ed25519";
      };
      "ssh-unexplrd.pub" = {
        inherit (sshKey) mode owner;
        path = dotSsh "id_unexplrd_ed25519.pub";
      };
      "ssh-uni" = {
        inherit (sshKey) mode owner;
        path = dotSsh "id_uni_ed25519";
      };
      "ssh-uni.pub" = {
        inherit (sshKey) mode owner;
        path = dotSsh "id_uni_ed25519.pub";
      };
    };
  };
}