{ config, inputs ,... }:
{
  imports = [
    inputs.sops-nix.nixosModules.sops
  ];

  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
  sops.age.keyFile = "/var/lib/sops-nix/key.txt";
  sops.age.generateKey = true;

  sops.defaultSopsFile = ./common.yaml;
  #sops.defaultSopsFile = lib.mkIf (builtins.pathExists ./secrets/${hostname}.yaml) ./secrets/${hostname}.yaml;
  #sops.secrets = let # TODO: importYAML does not exist
  #  file = ./secrets/${hostname}.yaml;
  #  exists = builtins.pathExists file;
  #  yaml = lib.removeAttrs (lib.importYAML file) ["sops"];
  #  secrets = lib.attrNames yaml; # TODO: recurse
  #in
  #  if !exists then {} else lib.mkMerge (lib.forEach secrets (secret:
  #    lib.mkIf (config.sops.secrets ? secret) {
  #      "${secret}".sopsFile = file;
  #    }
  #  ));
}