{inputs, ...}: let
  secretsPath = builtins.toString inputs.mysecrets;
in {
  imports = with inputs; [
    sops-nix.nixosModules.sops
  ];

  sops = {
    age = {
      sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
      keyFile = "/var/lib/sops-nix/key.txt";
      generateKey = true;
    };
    defaultSopsFile = "${secretsPath}/secrets.yaml";
    secrets = {
      "user-password-hashed".neededForUsers = true;
      "ssh-config" = {
        path = "/home/user/.ssh/config";
        mode = "0400";
        owner = "user";
      };
      "ssh-eldrid-user" = {
        path = "/home/user/.ssh/id_ed25519";
        mode = "0400";
        owner = "user";
      };
      "ssh-eldrid-user.pub" = {
        path = "/home/user/.ssh/id_ed25519.pub";
        mode = "0400";
        owner = "user";
      };
      "ssh-unexplrd" = {
        path = "/home/user/.ssh/id_unexplrd_ed25519";
        mode = "0400";
        owner = "user";
      };
      "ssh-unexplrd.pub" = {
        path = "/home/user/.ssh/id_unexplrd_ed25519.pub";
        mode = "0400";
        owner = "user";
      };
      "ssh-uni" = {
        path = "/home/user/.ssh/id_uni_ed25519";
        mode = "0400";
        owner = "user";
      };
      "ssh-uni.pub" = {
        path = "/home/user/.ssh/id_uni_ed25519.pub";
        mode = "0400";
        owner = "user";
      };
    };
  };
}