{ config, lib, pkgs, ... }:

{
  sops = {
    age.keyFile = "/home/emenel/.config/sops/age/keys.txt"; # must have no password!
    defaultSopsFile = ./secrets.yaml;
    secrets = {
      filez = {};
      media-server = {};
    };
    templates."media-server-secrets".content = ''
username=media
password=${config.sops.placeholder.media-server}
'';
    templates."filez-secrets".content = ''
username=admin
password=${config.sops.placeholder.filez}
'';
  };


  environment.etc = {
    "nixos/filez-secrets" = {
      source = config.sops.templates."filez-secrets".path;
      group = "users";
    };
    "nixos/media-server-secrets" = {
      source = config.sops.templates."media-server-secrets".path;
      group = "users";
    };
  };

}