{
  inputs,
  config,
  lib,
  ...
}: {
  imports = [
    inputs.sops-nix.nixosModules.sops
  ];

  sops = {
    defaultSopsFile = ../secrets.yaml;
    validateSopsFiles = false;

    age = {
      sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
      keyFile = "/var/lib/sops/age/keys.txt";
      generateKey = true;
    };
  };
  sops.secrets = {
    xqtc_private = {
      path = "/home/xqtc/.ssh/id_ed25519";
      owner = "xqtc";
      mode = "600";
    };
    xqtc_public = {
      path = "/home/xqtc/.ssh/id_ed25519.pub";
      owner = "xqtc";
      mode = "640";
    };
  };
}