# NixOS module: opt-in sops-nix secret provisioning, switched on with
# `modules.system.sops.enable`.
{ pkgs, config, lib, inputs, ... }:
let
  inherit (lib) mkEnableOption mkIf;

  cfg = config.modules.system.sops;
  tailscaleEnabled = config.modules.system.tailscale.enable;
in
{
  imports = [ inputs.sops-nix.nixosModules.sops ];

  options.modules.system.sops.enable = mkEnableOption "enables sops";

  # Nothing below is applied unless the module is enabled.
  config = mkIf cfg.enable {
    # Encrypted secrets file (path is relative to this module) and its format.
    sops.defaultSopsFile = ../../secrets/secrets.yaml;
    sops.defaultSopsFormat = "yaml";

    # age private key used to decrypt the secrets file at activation time.
    # NOTE(review): this key sits in a user's home directory. Anything that
    # can read it as that user can decrypt every secret encrypted to it,
    # including the entries declared `owner = "root"` below, so the per-secret
    # ownership only protects the decrypted copies under /run. Confirm the
    # file is readable by its owner only, or keep the host key in a
    # root-only location.
    # NOTE(review): `blake_pass` sets `neededForUsers`, which sops-nix
    # handles before user accounts are created. If /home is a separate
    # mount, verify the key is readable at that stage.
    sops.age.keyFile = "/home/blake/.config/sops/age/keys.txt";

    sops.secrets = {
      # Declaring a secret:
      #   - the attribute name is the key path in the YAML file
      #     (the nesting of its headings);
      #   - the decrypted file is placed under /run automatically, and
      #     `path` lets you link it to wherever it is needed.
      # "" = {
      #   owner = "";
      #   group = "";
      #   path = "";
      # };

      # Only declared when the tailscale module is enabled.
      tailscale_authkey = mkIf tailscaleEnabled {
        owner = "root";
      };

      # NOTE(review): `key1` and `key3` look like sample entries; confirm
      # they are still needed, since every declared secret is decrypted onto
      # the host.
      key1.owner = "root";

      key3 = {
        owner = "blake";
        group = "blake";
        path = "/run/secrets/HEHEHEH";
      };

      # Root-owned and flagged as needed for user creation.
      # NOTE(review): sops-nix documents `neededForUsers` secrets as living
      # under /run/secrets-for-users; confirm the explicit `path` under
      # /run/secrets behaves as intended, and that consumers read
      # `config.sops.secrets.blake_pass.path` instead of a hard-coded path.
      # NOTE(review): presumably a login password file; verify it holds a
      # password hash rather than plaintext.
      blake_pass = {
        owner = "root";
        group = "root";
        path = "/run/secrets/blake_pass";
        neededForUsers = true;
      };
    };
  };
}