{
  config,
  ...
}:{
  sops.defaultSopsFile = ../secrets/common.yaml;
  sops.age.keyFile = "/var/lib/sops-nix/age-key.txt"; #opt/nixflake/secrets/age-key.txt;
  sops.age.generateKey = true;

  sops.secrets.wifi = {};
  
  sops.secrets."${config.hostcfg.hostname}_ssh_priv" = {
    mode = "0440";
    owner = config.users.users.sora.name;
    group = config.users.users.sora.group;
  };
  sops.secrets."${config.hostcfg.hostname}_ssh_pub" = {
    mode = "0440";
    owner = config.users.users.sora.name;
    group = config.users.users.sora.group;
  };
  sops.secrets."${config.hostcfg.hostname}_wg_priv" = {};
  sops.secrets."${config.hostcfg.hostname}_wg_pub" = {};

}