{ inputs, config, pkgs, lib, ... }:
let
  sopsConfigPath = "${config.home.homeDirectory}/.config/home-manager/jsl-home/.sops.yaml";
  sopsSecretsPath = "${config.home.homeDirectory}/.config/home-manager/jsl-home/keys/secrets.yaml";
in
{
  imports = [
    inputs.sops-nix.homeManagerModules.sops
  ];
  sops = {
    # It's also possible to use a ssh key, but only when it has no password:
    age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ];
    defaultSopsFile = ../keys/secrets.yaml;
    defaultSopsFormat = "yaml";
  };
  home.packages = with pkgs; [
    (writeShellScriptBin "edit-secrets" ''
      sops --config ${sopsConfigPath} ${sopsSecretsPath}
    '')
    sops
    age
  ];
  programs.zsh.shellAliases.sops = lib.mkIf config.enableShell "sops --config ${sopsConfigPath}";
}