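# NixOS module: installs the sops CLI and declares this host's sops-nix
# secrets. Per-host secret names are derived from config.hostcfg.hostname, and
# hosts listed as CI get no sops configuration at all.
#
# Fixes relative to the previous revision:
#   * The session variable was spelled OPS_AGE_KEY_FILE; the sops CLI reads
#     SOPS_AGE_KEY_FILE, so the old name was never picked up.
#   * On a CI host the old `inherit ({ }) sops;` selected a missing attribute
#     and aborted evaluation; the CI branch now yields an empty `sops` set.
{ config, pkgs, ... }:
let
  # Location of the host's age private key, shared by sops-nix (activation-time
  # decryption) and the sops CLI (via the session variable below).
  keyFilePath = "/var/lib/sops-nix/age-key.txt";

  hostname = config.hostcfg.hostname;

  # Hosts that must evaluate without any secrets wired in.
  isCI = builtins.elem hostname [ "ci" ];

  # SSH key material is handed to the interactive user, read-only, with no
  # group or world access.
  userOwned = {
    mode = "0400";
    owner = config.users.users.sora.name;
    group = config.users.users.sora.group;
  };

  sopsSettings = {
    defaultSopsFile = ./common.yaml;

    age = {
      keyFile = keyFilePath;
      # Creates a key at keyFile when none exists. A freshly generated key
      # cannot decrypt anything until its public key is added as a recipient
      # and the secrets file is re-encrypted (e.g. `sops updatekeys`).
      generateKey = true;
    };

    secrets = {
      # Secrets declared as `{ }` take the sops-nix defaults for owner and
      # mode (presumably root-owned and not world-readable; confirm against
      # the pinned sops-nix version).
      wifi = { };
      "${hostname}_ssh_priv" = userOwned;
      "${hostname}_ssh_pub" = userOwned;
      "${hostname}_wg_priv" = { };
      "${hostname}_wg_pub" = { };
    };
  };
in
{
  environment.systemPackages = [ pkgs.sops ];

  # Exported to every login session. This only tells the sops CLI where the key
  # lives; access control is the file's own permissions, so the key file should
  # stay readable by root only.
  environment.sessionVariables.SOPS_AGE_KEY_FILE = keyFilePath;

  sops = if isCI then { } else sopsSettings;
}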