{ config, lib, pkgs, ... }:

let

  keysDir = ../../../files/keys;
  keys = lib.attrsets.mapAttrsToList (name: type: "${keysDir}/${name}") (builtins.readDir keysDir);
  gpgKeys = builtins.filter (path: lib.strings.hasSuffix "asc" path) keys;

in
{
  home-manager.users.${config.user} = {

    # install keys into gpg keyring
    programs.gpg = {
      enable = true;
      publicKeys = map (path: { source = path; trust = 5; }) gpgKeys;
    };

    # global gpg agent
    services.gpg-agent = {
      enable = true;
      enableExtraSocket = true;
      enableSshSupport = true;
      pinentry.package = pkgs.pinentry-curses;
    };

  };

  # yubikey support
  services = {
    pcscd.enable = true;
    udev.packages = with pkgs; [
      yubikey-personalization
    ];
  };
}