# Home Manager fragment for a single user. It wires up three things:
#   1. sops-managed HTTPS git credentials rendered into one credentials file,
#   2. a wrapper script that git uses as its ssh command,
#   3. per-host SSH identities plus known-hosts files shipped by this flake.
{ user, home }:
{
  config,
  inputs,
  lib,
  system,
  pkgs,
  ...
}:
let
  hmConfig = config.home-manager.users.${user};
  selfPkgs = inputs.self.packages.${system};
  inherit (hmConfig.sops) placeholder;

  # Encrypted sops files; personal and SAS secrets live in separate files.
  personalSecrets = ../../../../../../../secrets/personal/secrets.yaml;
  sasSecrets = ../../../../../../../secrets/sas/secrets.yaml;

  # Placeholders are substituted with the decrypted values when sops renders
  # the template, so no secret value is part of the evaluated configuration.
  personalUsername = placeholder."git/credentials/personal/git.karaolidis.com/admin/username";
  personalPassword = placeholder."git/credentials/personal/git.karaolidis.com/admin/password";
  sasUsername = placeholder."git/credentials/sas/github.com/admin/username";
  sasPassword = placeholder."git/credentials/sas/github.com/admin/password";

  # Private key locations; the key material itself is not managed in this file.
  sshDir = "${home}/.ssh";
  sasEd25519Key = "${sshDir}/ssh_sas_ed25519_key";
  sasRsaKey = "${sshDir}/ssh_sas_rsa_key";
  personalEd25519Key = "${sshDir}/ssh_personal_ed25519_key";

  # Script handed to git as core.sshCommand. Its logic lives in
  # ./git-ssh-key-wrapper.sh (read at evaluation time); openssh is put on its
  # PATH through runtimeInputs.
  gitSshKeyWrapper = pkgs.writeShellApplication {
    name = "git-ssh-key-wrapper";
    runtimeInputs = [ pkgs.openssh ];
    text = builtins.readFile ./git-ssh-key-wrapper.sh;
  };
in
{
  home-manager.users.${user} = {
    sops = {
      # The attribute name is the secret's name on this machine; `key` is the
      # lookup path inside the referenced sops file.
      secrets = {
        "git/credentials/personal/git.karaolidis.com/admin/username" = {
          sopsFile = personalSecrets;
          key = "git/credentials/git.karaolidis.com/admin/username";
        };
        "git/credentials/personal/git.karaolidis.com/admin/password" = {
          sopsFile = personalSecrets;
          key = "git/credentials/git.karaolidis.com/admin/password";
        };
        "git/credentials/sas/github.com/admin/username" = {
          sopsFile = sasSecrets;
          key = "git/credentials/github.com/admin/username";
        };
        "git/credentials/sas/github.com/admin/password" = {
          sopsFile = sasSecrets;
          key = "git/credentials/github.com/admin/password";
        };
      };

      # One https://user:password@host line per host. The rendered file holds
      # the credentials in plaintext.
      # NOTE(review): the values are interpolated verbatim into a URL; a
      # username or password containing URL-reserved characters (`@`, `:`,
      # `/`, ...) would have to be stored percent-encoded - confirm.
      # NOTE(review): no `mode` is set, so permissions come from the sops-nix
      # template default - confirm the rendered file is owner-only.
      # NOTE(review): presumably consumed by git's `store` credential helper;
      # that setting is not visible in this file.
      templates."git/credentials" = {
        content = ''
          https://${personalUsername}:${personalPassword}@git.karaolidis.com
          https://${sasUsername}:${sasPassword}@github.com
        '';
        path = "${home}/.config/git/credentials";
      };
    };

    programs = {
      git.extraConfig.core.sshCommand = lib.meta.getExe gitSshKeyWrapper;

      ssh = {
        matchBlocks = {
          # Both the SAS and the personal key are listed for github.com.
          # NOTE(review): which key is used per repository is presumably
          # decided by git-ssh-key-wrapper.sh - confirm, since offering the
          # wrong key would authenticate as the wrong account.
          # NOTE(review): `identitiesOnly` is not set on any block, so keys
          # held by a running agent may also be offered to these hosts.
          "github.com" = {
            hostname = "github.com";
            user = "git";
            identityFile = [
              sasEd25519Key
              personalEd25519Key
            ];
          };
          "gitlab.sas.com" = {
            hostname = "gitlab.sas.com";
            user = "git";
            identityFile = sasEd25519Key;
          };
          "gerrit-svi.unx.sas.com" = {
            hostname = "gerrit-svi.unx.sas.com";
            user = "nikara";
            port = 29418;
            identityFile = sasEd25519Key;
          };
          # Only host in this file that uses the RSA key instead of Ed25519.
          "artifactlfs.unx.sas.com" = {
            hostname = "artifactlfs.unx.sas.com";
            user = "nikara";
            port = 1339;
            identityFile = sasRsaKey;
          };
        };

        # Known-hosts files are taken from this flake's packages. The SAS
        # entries are added only when config.sas.build.private is true, while
        # the SAS match blocks above are defined unconditionally.
        userKnownHostsFiles =
          [ selfPkgs.ssh-known-hosts-github ]
          ++ lib.lists.optionals config.sas.build.private [
            selfPkgs.ssh-known-hosts-sas-gitlab
            selfPkgs.ssh-known-hosts-sas-gerrit
            selfPkgs.ssh-known-hosts-sas-artifact
          ];
      };
    };
  };
}