{ user, home }:
{
  config,
  lib,
  pkgs,
  inputs,
  ...
}:
let
  hmConfig = config.home-manager.users.${user};
in
{
  home-manager.users.${user}.sops = {
    secrets = {
      "registry/personal/docker.io" = {
        sopsFile = "${inputs.secrets}/personal/secrets.yaml";
        key = "registry/docker.io";
      };

      "registry/personal/registry.karaolidis.com" = {
        sopsFile = "${inputs.secrets}/personal/secrets.yaml";
        key = "registry/registry.karaolidis.com";
      };

      "registry/sas/cr.sas.com" = {
        sopsFile = "${inputs.secrets}/sas/secrets.yaml";
        key = "registry/cr.sas.com";
      };
    };

    templates.containers-auth = {
      content = builtins.readFile (
        (pkgs.formats.json { }).generate "auth.json" {
          auths = {
            "docker.io" = {
              auth = hmConfig.sops.placeholder."registry/personal/docker.io";
            };
            "registry.karaolidis.com" = {
              auth = hmConfig.sops.placeholder."registry/personal/registry.karaolidis.com";
            };
            "cr.sas.com" = {
              auth = hmConfig.sops.placeholder."registry/sas/cr.sas.com";
            };
          };
        }
      );
      path = "${home}/.config/containers/auth.json";
    };
  };
}