{
  user ? throw "user argument is required",
  home ? throw "home argument is required",
}:
{
  inputs,
  lib,
  system,
  pkgs,
  ...
}:
let
  selfPkgs = inputs.self.packages.${system};
in
{
  home-manager.users.${user} = {
    sops.secrets = {
      "git/credentials" = {
        sopsFile = ../../../../../../../secrets/personal/secrets.yaml;
        path = "${home}/.config/git/credentials";
      };

      "git/cookies" = {
        sopsFile = ../../../../../../../secrets/personal/secrets.yaml;
        path = "${home}/.config/git/cookies";
      };
    };

    programs = {
      git.extraConfig.core.sshCommand = lib.meta.getExe (
        pkgs.writeShellApplication {
          name = "git-ssh-key-wrapper";
          runtimeInputs = with pkgs; [ openssh ];
          text = builtins.readFile ./git-ssh-key-wrapper.sh;
        }
      );

      ssh = {
        matchBlocks = {
          "github.com" = {
            hostname = "github.com";
            user = "git";
            identityFile = [
              "${home}/.ssh/ssh_sas_ed25519_key"
              "${home}/.ssh/ssh_personal_ed25519_key"
            ];
          };

          "gitlab.sas.com" = {
            hostname = "gitlab.sas.com";
            user = "git";
            identityFile = "${home}/.ssh/ssh_sas_ed25519_key";
          };

          "gerrit-svi.unx.sas.com" = {
            hostname = "gerrit-svi.unx.sas.com";
            user = "nikara";
            port = 29418;
            identityFile = "${home}/.ssh/ssh_sas_ed25519_key";
          };
        };

        userKnownHostsFiles = with selfPkgs; [
          ssh-known-hosts-github
          ssh-known-hosts-sas-gitlab
          ssh-known-hosts-sas-gerrit
        ];
      };
    };
  };
}