{ config
, lib
, ...
}:

with lib;
let
  cfg = config.my.programs.ssh;

  baseName = path: removeSuffix ".age" (baseNameOf path);
in
{
  options.my.programs.ssh = {
    enable = mkEnableOption "ssh";
    includeSecrets = mkOption {
      default = [ ];
      type = with types; listOf path;
    };
  };

  config =
    mkIf cfg.enable
      {
        age.secrets = listToAttrs (map
          (path: {
            name = baseName path;
            value = {
              file = path;
              owner = "1000";
            };
          })
          cfg.includeSecrets);
        home-manager.users.moritz.programs.ssh = {
          enable = true;
          includes = map (path: "/run/agenix/" + baseName path) cfg.includeSecrets;
        };
      };
}