{ config, lib, ... }: { sops = { defaultSopsFile = ./secrets.yaml; age = { keyFile = "/var/lib/sops-nix/key.txt"; generateKey = true; }; # TODO: auto loop over users secrets."users/derped/password".neededForUsers = true; secrets."certs/proxy".mode = "0440"; }; }