flake/nixos/sops.nix

{ user, ... }:
{
  sops = {
    defaultSopsFile = ../.sops-secrets.yaml;
    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
    secrets = {
      "zipline" = {
        owner = user;
        path = "/home/${user}/.secrets/zipline";
      };
      "users/cswimr/password" = {
        neededForUsers = true;
        owner = user;
        path = "/home/${user}/.secrets/password";
      };
    };
  };
}