.

modules/nixos/system/default.nix

@@ -0,0 +1,6 @@
+{
+  imports = [
+    ./networking
+    ./security
+  ];
+}

modules/nixos/system/security/default.nix

@@ -3,6 +3,12 @@ let
   cfg = config.${namespace}.system.security;
 in
 {
+  imports = [
+    ./boot
+    ./sops
+    ./sudo
+  ];
+
   options.${namespace}.system.security = {};
 
   config = {
@@ -20,4 +26,4 @@ in
 
     programs.gnupg.agent.enable = true;
   };
-}
+}

modules/nixos/system/security/sops/default.nix

@@ -1,4 +1,4 @@
-{ pkgs, config, namespace, repoRoot, system, ... }:
+{ pkgs, config, namespace, repoRoot, ... }:
 let
   cfg = config.${namespace}.system.security.sops;
 in
@@ -10,7 +10,7 @@ in
 
     sops = {
       defaultSopsFormat = "yaml";
-      defaultSopsFile = repoRoot + "/systems/${system}/${config.networking.hostName}/secrets.yml";
+      defaultSopsFile = repoRoot + "/systems/${pkgs.stdenv.hostPlatform.system}/${config.networking.hostName}/secrets.yml";
 
       age = {
         # keyFile = "~/.config/sops/age/keys.txt";