{ lib, config, ... }:
let
  sops = config.maid.sops;
in
{
  options.maid.sops = {
    enable = lib.mkEnableOption "sops";

    work.enable = lib.mkEnableOption "work secrets";
    viendesu.enable = lib.mkEnableOption "VienDesu!";
  };

  config.sops = lib.mkIf sops.enable {
    age.keyFile = "/var/lib/sops-nix/key.txt";

    secrets = lib.mkMerge [
      (lib.mkIf sops.viendesu.enable {
        "viendesu/shadowsocks/gneg".sopsFile = ../secrets/viendesu.yaml;
        "viendesu/shadowsocks/yor".sopsFile = ../secrets/viendesu.yaml;
      })
      (lib.mkIf sops.work.enable {
        "work/ovpn".sopsFile = ../secrets/work.yaml;
        "work/password".sopsFile = ../secrets/work.yaml;
      })
    ];
  };
}