{
  config,
  lib,
  pkgs,
  ...
}: let
  cfg = config.hive.yubikey;
in {
  options = {
    hive.yubikey.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = "Enable Yubikey support.";
    };
  };

  config = lib.mkIf cfg.enable {
    services.udev.packages = with pkgs; [
      yubikey-personalization
    ];

    environment.systemPackages = with pkgs; [
      gnupg
      yubikey-personalization
      yubioath-flutter
    ];

    services.pcscd.enable = true;

    programs.gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };
  };
}