{
  username ? throw "username argument is required",
}:
{
  config,
  inputs,
  lib,
  ...
}:
let
  userConfig = config.users.users.${username};
  hmConfig = config.home-manager.users.${username};
  sopsKeyPath = "${hmConfig.xdg.relativeConfigHome}/sops-nix/key.txt";
in
{
  environment.persistence."/persist".users.${username}.files = [ sopsKeyPath ];

  home-manager.users.${username} = {
    imports = [ inputs.sops-nix.homeManagerModules.sops ];

    sops.age.keyFile = "${userConfig.home}/${sopsKeyPath}";
    home.sessionVariables.SOPS_AGE_KEY_FILE = "${userConfig.home}/${sopsKeyPath}";
  };
}