flake/modules/nixos/sops/default.nix

{
  pkgs,
  lib,
  config,
  inputs,
  system,
  ...
}: let
  cfg = config.mods;
in
  with lib; {
    imports = [inputs.sops-nix.nixosModules.sops];
    sops = {
      age.keyFile = "/persist/var/lib/sops-nix/key.txt";
      defaultSopsFile = ./secrets.yaml;
      secrets.muon-password.neededForUsers = true;
      secrets.zipline-secret = mkIf cfg.server.share.enable {
        owner = "zipline";
        group = "zipline";
      };
      secrets.htpasswd = mkIf cfg.server.cal.enable {
        owner = "radicale";
        group = "radicale";
      };
      secrets.lemmy-password = mkIf cfg.server.lemmy.enable {};
      secrets.sops-key = {};
    };
  }