{
  user ? throw "user argument is required",
  home ? throw "home argument is required",
}:
{ lib, pkgs, ... }:
{
  home-manager.users.${user} = {
    sops.secrets = {
      "git/credentials" = {
        sopsFile = ../../../../../../../secrets/personal/secrets.yaml;
        path = "${home}/.config/git/credentials";
      };

      "git/cookies" = {
        sopsFile = ../../../../../../../secrets/personal/secrets.yaml;
        path = "${home}/.config/git/cookies";
      };
    };

    programs = {
      git.extraConfig.core.sshCommand = lib.meta.getExe (
        pkgs.writeShellApplication {
          name = "git-ssh-key-wrapper";
          runtimeInputs = with pkgs; [ openssh ];
          text = builtins.readFile ./git-ssh-key-wrapper.sh;
        }
      );

      ssh.matchBlocks = {
        "github.com" = {
          hostname = "github.com";
          user = "git";
        };

        "gitlab.sas.com" = {
          hostname = "gitlab.sas.com";
          user = "git";
          identityFile = "${home}/.ssh/ssh_sas_ed25519_key";
        };

        "gerrit-svi.unx.sas.com" = {
          hostname = "gerrit-svi.unx.sas.com";
          user = "nikara";
          port = 29418;
          identityFile = "${home}/.ssh/ssh_sas_ed25519_key";
        };
      };
    };
  };
}