{
  inputs,
  config,
  lib,
  pkgs,
  ...
}:

let
  # Check both locations for secrets.yaml
  secretsInSubdir = "${toString inputs.self}/hosts/${config.networking.hostName}/secrets/secrets.yaml";
  secretsInRoot = "${toString inputs.self}/hosts/${config.networking.hostName}/secrets.yaml";
  secrets =
    if builtins.pathExists secretsInSubdir then
      secretsInSubdir
    else if builtins.pathExists secretsInRoot then
      secretsInRoot
    else
      null;
in
{
  imports = [ inputs.sops-nix.nixosModules.sops ];

  environment.systemPackages = with pkgs; [
    age
    sops
  ];

  sops.defaultSopsFile = lib.mkIf (secrets != null) (lib.mkDefault secrets);
}