{ config, user, ... }: {
  imports = [
    ./common.nix
    ../modules/rclone.nix
  ];

  config = {
    home.stateVersion = "23.11";

    sops = {
      age.sshKeyPaths = [
        "${config.home.homeDirectory}/.ssh/id_ed25519"
      ];

      defaultSopsFile = ../../secrets/manuel/secrets.yaml;
      secrets = {
        nextcloud_password = {};
        proton_password = { };
        proton_2fa = { };
        proton_uid = { };
        proton_access_token = { };
        proton_refresh_token = { };
        proton_salted_key_pass =  { };
      };
    };

    programs = {
      home-manager.enable = true;
      rclone = {
        enable = true;

        systemdDependencies = {
          secrets = [
            "sops-nix.service"
          ];
        };

        configs = {
          nextcloud.nextcloud = {
            baseUrl = "https://cloud.nuth.ch";
            username = "manuth";
            obscuredPasswordFile = config.sops.secrets.nextcloud_password.path;
            vfs = {
              enable = true;
            };
          };

          proton.Proton =
            let
              inherit (config.sops) secrets;
            in {
              username = "m@nuth.ch";
              obscuredPasswordFile = secrets.proton_password.path;
              webAuthnTokenFile = secrets.proton_2fa.path;
              clientIDFile = secrets.proton_uid.path;
              accessTokenFile = secrets.proton_access_token.path;
              refreshTokenFile = secrets.proton_refresh_token.path;
              saltedKeyPassFile = secrets.proton_salted_key_pass.path;
            };
        };
      };

      git = {
        enable = true;
        userName = user.fullName;
        userEmail = user.mail;
      };
    };
  };
}