config.sops attrs giving base name of secrets directory #872

@zackw

I suggest that there should be a pair of attributes in config.sops that give the base pathnames of the secrets directories, something like

config.sops = {
    secretsDir = /run/secrets;
    secretsForUsersDir = /run/secrets-for-users;
    # etc
};

I want this because I want to do this:

services.openssh = {
    authorizedKeysInHomedir = false;
    authorizedKeysFiles = lib.mkForce [
        "${config.sops.secretsDir}/ssh_authorized_keys/%u"
    ];
    # etc
};

I currently have to hardcode /run/secrets where I have ${config.sops.secretsDir} in the example. It doesn't work to write config.sops.secrets."ssh_authorized_keys/%u".path because there is no secret named literally "ssh_authorized_keys/%u", the %u is a placeholder for the actual user name (expanded by sshd itself).
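One way to avoid the hardcoded `/run/secrets` today, as an added example that is not part of the issue or of sops-nix itself: derive the per-user key directory from the `path` of one concrete secret with `builtins.dirOf`, and hand that directory to sshd with the `%u` placeholder left intact. The secret name `ssh_authorized_keys/alice` and the user `alice` are constructed for illustration; every user's key file is assumed to be declared under the same `ssh_authorized_keys/` prefix so they all land in that directory.

```nix
{ config, lib, ... }:
let
  # Constructed example: one concrete per-user authorized_keys file managed by
  # sops-nix. Its path is the anchor from which the directory is derived.
  anchorSecret = "ssh_authorized_keys/alice";

  # Directory holding all per-user key files, taken from the real secret path
  # (e.g. /run/secrets/ssh_authorized_keys) instead of a hardcoded string.
  keysDir = builtins.dirOf config.sops.secrets.${anchorSecret}.path;
in
{
  sops.secrets.${anchorSecret} = {
    # sshd reads AuthorizedKeysFile with the target user's privileges, so the
    # file must be readable by that user (assumed option of sops-nix secrets).
    owner = "alice";
  };

  services.openssh = {
    authorizedKeysInHomedir = false;
    # %u is expanded by sshd itself to the login name; it is not a secret name.
    authorizedKeysFiles = lib.mkForce [ "${keysDir}/%u" ];
  };
}
```

If sops-nix ever changes where secrets are placed, `keysDir` follows the new location automatically because it is read back from the module's own `path` value rather than assumed.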
