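# Home Manager module that wires up sops-nix for this user:
#   * decrypts the "api/gmail_client_secret" entry from keys/secrets.yaml,
#   * renders a Gmail OAuth client-credentials JSON file from a template,
#   * exports the path of that file as GMAIL_CREDS_PATH,
#   * installs sops, age, and an `edit-secrets` helper.
{ inputs, config, pkgs, lib, ... }:
let
  # Working-tree locations (not Nix store paths), so that editing through the
  # helper below modifies the mutable checkout.
  sopsConfigPath = "${config.xdg.configHome}/home-manager/jsl-home/.sops.yaml";
  sopsSecretsPath = "${config.xdg.configHome}/home-manager/jsl-home/keys/secrets.yaml";
in
{
  imports = [ inputs.sops-nix.homeManagerModules.sops ];

  sops = {
    # An SSH key can serve as the decryption identity, but only when it has no
    # password. The consequence is that file permissions on this private key
    # are the only thing protecting every secret encrypted to it.
    age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ];

    # NOTE(review): as a Nix path literal this file is presumably copied into
    # the Nix store; that is acceptable only while it holds sops ciphertext.
    # Confirm that plaintext is never committed at this location.
    defaultSopsFile = ../keys/secrets.yaml;
    defaultSopsFormat = "yaml";

    # Empty attribute set: the secret is declared with the module defaults.
    secrets."api/gmail_client_secret" = { };

    templates."gmail_creds" = {
      # Only client_secret comes from sops; every other field is inlined here
      # in plain text. The placeholder is substituted when the template is
      # rendered, so the evaluated Nix string carries the placeholder rather
      # than the secret value.
      # NOTE(review): the secret is spliced into the JSON verbatim; a value
      # containing `"` or `\` would produce invalid JSON. Confirm the secret's
      # character set, and confirm the rendered file is readable only by the
      # owning user.
      content = ''
        {
          "installed": {
            "client_id": "499012320469-vtml6emu6bmujpsj9lud2b44jqu7h26j.apps.googleusercontent.com",
            "project_id": "python-apis-423500",
            "auth_uri": "https://accounts.google.com/o/oauth2/auth",
            "token_uri": "https://oauth2.googleapis.com/token",
            "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
            "client_secret": "${config.sops.placeholder."api/gmail_client_secret"}",
            "redirect_uris": [ "http://localhost" ]
          }
        }
      '';
      path = "${config.xdg.configHome}/sops-nix/gmail_api_credentials.json";
    };
  };

  home.sessionVariables = {
    # Exposes the location of the rendered file, never its contents. Read from
    # the template option so the two values cannot drift apart.
    GMAIL_CREDS_PATH = config.sops.templates."gmail_creds".path;
  };

  home.packages = [
    # Opens the working-tree secrets file with the repository's .sops.yaml.
    # Both paths are shell-escaped so a home directory containing whitespace
    # or shell metacharacters cannot split or alter the command line.
    (pkgs.writeShellScriptBin "edit-secrets" ''
      ${pkgs.sops}/bin/sops --config ${lib.escapeShellArg sopsConfigPath} ${lib.escapeShellArg sopsSecretsPath}
    '')
    pkgs.sops
    pkgs.age
  ];

  # Pins interactive `sops` calls to the repository configuration. Applied only
  # when config.enableShell is set; that option is declared outside this file.
  programs.zsh.shellAliases.sops =
    lib.mkIf config.enableShell "sops --config ${lib.escapeShellArg sopsConfigPath}";
}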