{ inputs, ... }: {
  flake.nixosModules.security-sys-sopsnix = { config, pkgs, ... }: {
    imports = [ inputs.sops-nix.nixosModules.sops ];
    environment.systemPackages = [ pkgs.age pkgs.sops ];
    sops.defaultSopsFile = ../secrets/secrets.yaml;
    sops.age.sshKeyPaths = [];
    sops.gnupg.sshKeyPaths = [];
    environment.variables.SOPS_AGE_KEY_FILE = "/var/lib/sops/root-keys/master-host.txt";
    sops.age.keyFile = "/var/lib/sops/root-keys/master-host.txt";
    systemd.tmpfiles.rules = [
      "d /var/lib/sops/root-keys 0700 root root -"
      "d /var/lib/sops/user-keys 0750 root users -"
      "f /var/lib/sops/user-keys/master-user.txt 0640 root users -"
     ];
  };
}