{ flake, config, ... }:
let
  inherit (flake.config.people)
    user0
    user2
    ;
  inherit (flake.config.machines)
    devices
    ;
  hostname = config.networking.hostName;
  desktop = devices.desktop.name;
  server = devices.server.name;
  fallaryn = devices.fallaryn.name;

  userLogic =
    if hostname == desktop then
      user0
    else if hostname == server then
      user0
    else if hostname == fallaryn then
      user2
    else
      "";
in
{
  sops = {
    defaultSopsFile = ../../secrets/secrets.yaml;
    validateSopsFiles = false;
    age = {
      keyFile = "/var/lib/sops-nix/key.txt";
      generateKey = false;
    };
    secrets = {
      "ssh/private" = {
        path = "/home/${userLogic}/.ssh/id_ed25519";
        owner = userLogic;
      };
      "ssh/public" = {
        path = "/home/${userLogic}/.ssh/id_ed25519.pub";
        owner = userLogic;
      };
      "ssh/hosts" = {
        path = "/home/${userLogic}/.ssh/known_hosts";
        owner = userLogic;
      };
      # "claude-api-key" = {
      #   path = "/home/${user0}/.config/zed/claude-api-key";
      #   owner = user0;
      # };
    };
  };
}