# NixOS module exposing a small `sydnix.sops` option set and forwarding it to
# the `sops.*` options (sops-nix, per the `secrets` option description).
# NOTE(review): this file only sets `sops.*`; it presumably relies on the
# sops-nix module being imported elsewhere. Confirm against the flake/imports.
{ config, lib, pkgs, ... }:

let
  inherit (lib) mkEnableOption mkIf mkOption types;

  # Shorthand for this module's own option values.
  cfg = config.sydnix.sops;
in
{
  options.sydnix.sops = {
    enable = mkEnableOption "Sops secrets";

    # Location of the age private key used for decryption.
    # The default is a plain string, so it refers to a file on the target
    # machine and is not copied into the Nix store.
    # NOTE(review): `types.path` also accepts Nix path literals (e.g.
    # `./key.txt`); such a value can end up copied into the world-readable
    # store once it is interpolated. Set this as an absolute path string, and
    # confirm whether the pinned sops-nix version rejects store paths.
    # NOTE(review): nothing here enforces ownership or mode of the key file;
    # it should presumably be readable by root only. Verify on the host.
    keyFile = mkOption {
      description = "Path to an Age key file.";
      type = types.path;
      default = "/persist/sydnix-key";
    };

    # Declared without a type: the value is handed to `sops.secrets` as-is,
    # so any validation of the per-secret attributes happens downstream.
    secrets = mkOption {
      description = "Secrets passed directly to sops-nix.";
      default = {};
    };

    # Optional CLI; `null` disables installation (see the mkIf below).
    package = mkOption {
      description = "Sops CLI package. If null, nothing will be installed.";
      type = types.nullOr types.package;
      default = pkgs.sops;
    };
  };

  # Everything below applies only when `sydnix.sops.enable` is true.
  config = mkIf cfg.enable {
    sops = {
      # A path literal: the encrypted secrets file is taken from the source
      # tree at evaluation time. Only ciphertext should live in that file,
      # since confidentiality then rests on the age key referenced below.
      defaultSopsFile = ../../secrets.yaml;
      defaultSopsFormat = "yaml";

      age.keyFile = cfg.keyFile;
      secrets = cfg.secrets;
    };

    # Install the sops CLI system-wide unless the package was set to null.
    environment.systemPackages = mkIf (cfg.package != null) [ cfg.package ];
  };
}