old
 1{
 2  lib,
 3  config,
 4  myvars,
 5  sops-nix,
 6  ...
 7}: {
 8  imports =
 9    [
10      sops-nix.nixosModules.sops
11      ./hosts
12    ]
13    ++ (
14      builtins.map (k: {
15        sops.secrets."rclone-${k}" =
16          lib.mkIf
17          config.home-manager.users.${myvars.username}.programs.rclone.enable
18          {
19            key = "rclone/${k}";
20            owner = myvars.username;
21          };
22      }) ["onedrive-token" "restic-backup-token"]
23    );
24
25  sops.age = {
26    sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
27    generateKey = true;
28  };
29
30  sops.defaultSopsFile = ./secrets.yaml;
31
32  sops.secrets."github-access-token" = {};
33}