{ user, home }:
{
  config,
  lib,
  pkgs,
  inputs,
  ...
}:
let
  hmConfig = config.home-manager.users.${user};
in
{
  home-manager.users.${user} = {
    sops = {
      secrets = {
        "registry/personal/git.karaolidis.com" = {
          sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
          key = "registry/git.karaolidis.com";
        };

        "registry/personal/docker.io" = {
          sopsFile = "${inputs.secrets}/domains/personal/secrets.yaml";
          key = "registry/docker.io";
        };

        "registry/sas/cr.sas.com" = {
          sopsFile = "${inputs.secrets}/domains/sas/secrets.yaml";
          key = "registry/cr.sas.com";
        };
      };

      templates.containers-auth = {
        content = builtins.readFile (
          (pkgs.formats.json { }).generate "auth.json" {
            auths = {
              "git.karaolidis.com" = {
                auth = hmConfig.sops.placeholder."registry/personal/git.karaolidis.com";
              };
              "docker.io" = {
                auth = hmConfig.sops.placeholder."registry/personal/docker.io";
              };
              "cr.sas.com" = {
                auth = hmConfig.sops.placeholder."registry/sas/cr.sas.com";
              };
            };
          }
        );
        path = "${home}/.config/containers/auth.json";
      };
    };

    services.podman.settings.storage.storage.driver = lib.mkForce "overlay";
  };
}