nix-system-configurations/home-manager/personal/secrets.nix

# SPDX-FileCopyrightText: 2025 Ethan Reece <contact@ethanreece.com>
#
# SPDX-License-Identifier: MIT

{
  config,
  flakeConfig,
  inputs,
  lib,
  pkgs,
  ...
}:
{
  imports = [ inputs.sops-nix.homeManagerModules.sops ];
  sops = {
    defaultSopsFile = ../../sops/secrets.yaml;
    age.keyFile =
      if pkgs.stdenv.hostPlatform.isDarwin then
        "${config.home.homeDirectory}/Library/Application Support/sops/age/keys.txt"
      else
        "${config.home.homeDirectory}/.config/sops/age/keys.txt";
  };
  home.packages = [
    pkgs.bitwarden-cli
  ]
  ++ lib.optional config.flakeSettings.graphical pkgs.bitwarden-desktop;
  programs = {
    rbw = {
      enable = true;
      settings = {
        base_url = "https://vault.${flakeConfig.profiles.personal.domains.netName}";
        email = "vaultwarden@${flakeConfig.profiles.personal.domains.netName}";
        pinentry = config.services.gpg-agent.pinentry.package;
      };
    };
  };
}