diff --git a/modules/sops/default.nix b/modules/sops/default.nix
index cee0f86..106f41f 100644
--- a/modules/sops/default.nix
+++ b/modules/sops/default.nix
@@ -1,17 +1,20 @@
-{ config, lib, pkgs, ... }:
+{ config, options, lib, pkgs, ... }:
 with lib;
 let
   cfg = config.sops;
+  opts = options.sops;
   users = config.users.users;
   sops-install-secrets = cfg.package;
   sops-install-secrets-check = cfg.validationPackage;
-  regularSecrets = lib.filterAttrs (_: v: !v.neededForUsers) cfg.secrets;
-  secretsForUsers = lib.filterAttrs (_: v: v.neededForUsers) cfg.secrets;
-  secretType = types.submodule ({ config, ... }: {
+  secrets = mapAttrs (_: secret: removeAttrs secret ["sopsFile"]) cfg.secrets;
+  regularSecrets = lib.filterAttrs (_: v: !v.neededForUsers) secrets;
+  secretsForUsers = lib.filterAttrs (_: v: v.neededForUsers) secrets;
+  secretType = types.submodule ({ config, options, ... }: {
     config = {
-      sopsFiles = lib.mkOptionDefault cfg.defaultSopsFiles;
+      sopsFile = mkOptionDefault cfg.defaultSopsFile;
+      sopsFiles = if options.sopsFile.isDefined then warn "`sops.secrets..sopsFile` is being deprecated, use `sops.secrets..sopsFiles` instead" [ config.sopsFile ] else (lib.mkOptionDefault cfg.defaultSopsFiles);
       sopsFilesHash = mkOptionDefault (optionals cfg.validateSopsFiles (forEach config.sopsFiles (builtins.hashFile "sha256")));
     };
     options = {
@@ -70,6 +73,13 @@ let
         Group of the file.
       '';
     };
+    sopsFile = mkOption {
+      type = types.path;
+      defaultText = "\${config.sops.defaultSopsFile}";
+      description = ''
+        Sops file the secret is loaded from.
+      '';
+    };
     sopsFiles = mkOption {
       type = types.nonEmptyListOf types.path;
       defaultText = "\${config.sops.defaultSopsFiles}";
@@ -166,6 +176,13 @@ in {
       '';
     };
+    defaultSopsFile = mkOption {
+      type = types.path;
+      description = ''
+        Default sops file used for all secrets.
+      '';
+    };
+
     defaultSopsFiles = mkOption {
       type = types.nonEmptyListOf types.path;
       description = ''
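Review bot: The `options.sopsFile.isDefined` test on the new `sopsFiles` default looks like it is always true, because the line just above defines `sopsFile = mkOptionDefault cfg.defaultSopsFile;` and, as far as I can tell, the module system counts a `mkOptionDefault` definition when computing `isDefined`. If so, every secret takes the `[ config.sopsFile ]` branch, the deprecation `warn` fires for every secret, and evaluation forces `cfg.defaultSopsFile`, which has no default, so a configuration that only sets `sops.defaultSopsFiles` would fail instead of using it. Comparing priorities instead, `if options.sopsFile.highestPrio < (mkOptionDefault null).priority then …`, limits the branch to user-written definitions, and the branch value should be `mkOptionDefault [ config.sopsFile ]` so that an explicit `sopsFiles` overrides it instead of being concatenated with it by list merging, which would silently load the secret from an extra file. The message text `sops.secrets..sopsFile` is also missing the secret-name placeholder, i.e. `sops.secrets.<name>.sopsFile` / `sops.secrets.<name>.sopsFiles`.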
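Review bot: The new `sopsFile` option is declared with a description (`Sops file the secret is loaded from.`) that does not say the option is deprecated, although defining it triggers a deprecation warning in the first hunk; the same applies to `defaultSopsFile` declared in the next hunk. Option descriptions are what ends up in the generated module documentation, so I would state it there: `Deprecated: use sops.secrets.<name>.sopsFiles instead. Sops file the secret is loaded from.` and, for the second one, `Deprecated: use sops.defaultSopsFiles instead. Default sops file used for all secrets.`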
@@ -318,7 +335,6 @@ in {
     ./templates
     (mkRenamedOptionModule [ "sops" "gnupgHome" ] [ "sops" "gnupg" "home" ])
     (mkRenamedOptionModule [ "sops" "sshKeyPaths" ] [ "sops" "gnupg" "sshKeyPaths" ])
-    (mkRemovedOptionModule [ "sops" "defaultSopsFile" ] ''use `sops.defaultSopsFiles` instead'')
   ];
   config = mkMerge [
     (mkIf (cfg.secrets != {}) {
@@ -348,6 +364,8 @@ in {
       cfg.secrets)
     );
+    warnings = optional opts.defaultSopsFile.isDefined "`sops.defaultSopsFile` is being deprecated, use `sops.defaultSopsFiles` instead";
+
     sops.environment.SOPS_GPG_EXEC = mkIf (cfg.gnupg.home != null) (mkDefault "${pkgs.gnupg}/bin/gpg");
     system.activationScripts = {
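Review bot: The new `warnings` line appears to sit inside the `(mkIf (cfg.secrets != {}) {` block opened in the preceding hunk (that block starts and ends outside this hunk, so this is inferred from the indentation and context), which means a configuration that sets the deprecated `sops.defaultSopsFile` but declares no secrets gets no deprecation warning at all. Making it its own `mkMerge` element, `(mkIf opts.defaultSopsFile.isDefined { warnings = [ "`sops.defaultSopsFile` is being deprecated, use `sops.defaultSopsFiles` instead" ]; })`, ties the warning only to the option being defined, and it matches the `mkIf` style of the surrounding block rather than mixing in `optional`.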