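# Home Manager module: GnuPG and gpg-agent setup under the `yubikey` option
# namespace. gpg-agent also serves as the SSH agent.
{ config, lib, pkgs, ... }:
{
  options.yubikey = {
    pinentry = lib.mkOption {
      type = lib.types.enum [ "qt" "gnome3" ];
      default = "qt";
      description = "The pinentry flavour to use";
    };
  };

  config = {
    programs.gpg = {
      enable = true;

      # Keyring and trust database are managed declaratively: with both flags
      # off, Home Manager links pubring.kbx / trustdb.gpg from the Nix store,
      # so `gpg --import` or `gpg --edit-key ... trust` cannot alter them.
      mutableKeys = false;
      mutableTrust = false;

      publicKeys = [
        {
          # This file is imported with ultimate trust, so whatever key the
          # repository ships at this path becomes a trust root. Check its
          # fingerprint against a known-good copy whenever the file changes.
          source = ../../static/keys/my_pub.asc;
          trust = "ultimate";
        }
      ];
    };

    services.gpg-agent = {
      enable = true;
      # gpg-agent answers SSH agent requests; presumably the authentication
      # subkey lives on the hardware token - confirm against the key layout.
      enableSshSupport = true;
      enableZshIntegration = true;

      # Both branches use the top-level nixpkgs attributes. The original mixed
      # `pkgs.pinentry-qt` with `pkgs.pinentry.gnome3`; the latter depends on
      # the old multi-output `pinentry` package and only fails lazily, when
      # the "gnome3" flavour is actually selected.
      pinentryPackage =
        if config.yubikey.pinentry == "qt"
        then pkgs.pinentry-qt
        else pkgs.pinentry-gnome3;

      # allow-emacs-pinentry lets Emacs take over the PIN/passphrase prompt.
      # The secret is then typed into Emacs rather than the dedicated pinentry
      # program chosen above; drop this line if Emacs should never see it.
      extraConfig = ''
        allow-emacs-pinentry
      '';
    };

    home.sessionVariables = {
      # `\${` keeps the reference literal so the shell expands it at login.
      # The path is the socket location for the default GnuPG home only; with
      # a non-default homedir the socket moves to a hashed subdirectory
      # (`gpgconf --list-dirs agent-ssh-socket` prints the real path).
      SSH_AUTH_SOCK = "\${XDG_RUNTIME_DIR}/gnupg/S.gpg-agent.ssh";
    };
  };
}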