{
  # Snowfall Lib provides a customized `lib` instance with access to your flake's library
  # as well as the libraries available from your flake's inputs.
  lib,
  # An instance of `pkgs` with your overlays and packages applied is also available.
  pkgs,
  # You also have access to your flake's inputs.
  inputs,

  # Additional metadata is provided by Snowfall Lib.
  namespace, # The namespace used for your flake, defaulting to "internal" if not set.
  system, # The system architecture for this host (eg. `x86_64-linux`).
  target, # The Snowfall Lib target for this system (eg. `x86_64-iso`).
  format, # A normalized name for the system target (eg. `iso`).
  virtual, # A boolean to determine whether this system is a virtual target using nixos-generators.
  systems, # An attribute map of your defined hosts.

  # All other arguments come from the module system.
  config,
  ...
}:

let
  cfg = config.modules.sops;
in
{
  options.modules.sops = {
    enable = lib.mkOption { default = false; };
  };

  config = lib.mkIf cfg.enable {
    sops.defaultSopsFile = ../../../secrets/secrets.yaml;
    sops.defaultSopsFormat = "yaml";

    # Automatically generate age key from ssh key
    sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
    # This is using an age key that is expected to already be in the filesystem
    sops.age.keyFile = "/home/julian/.config/sops/age/keys.txt";
    # Generate key if none of the above worked. With this, building will still work, just without secrets
    sops.age.generateKey = true;

    # List of defined secrets
    # They all become files linked inside the "/run/secrets/" directory

  };
}