{
  lib,
  ...
}:
let
  inherit (lib) mkOption types;
in
{
  resources.secrets = {
    description = "Age secrets.";
    request =
      { ... }:
      {
        _class = "fediversity-resource-request";
        options = {
          names = mkOption {
            type = types.listOf types.str;
            default = [ ];
          };
        };
      };
    policy =
      { ... }:
      {
        _class = "fediversity-resource-policy";
        config = {
          resource-type = types.unspecified; # NixOS module
          apply =
            requests:
            {
              sources ? import ../../../../npins,
              ...
            }:
            {
              imports = [
                "${sources.agenix}/modules/age.nix"
              ];
              age.secrets = lib.genAttrs (lib.concatMap (request: request.names) requests) (name: {
                inherit name;
                value.file = "../../../../${name}.age";
              });
            };
        };
      };
  };
}