.hive/modules/home/yubikey.nix


# Module declaring the `hive.yubikey` options. When enabled, it configures
# GnuPG with one pinned public key and a declaratively managed keyring and
# trust database. The `programs.gpg` options used here look like Home Manager's.
{
  config,
  lib,
  pkgs, # NOTE(review): not referenced anywhere in this module.
  ...
}: let
  inherit (lib) mkEnableOption mkIf mkOption types;

  yubikey = config.hive.yubikey;
in {
  options.hive.yubikey = {
    # Master switch: nothing under `config` is applied unless this is true.
    enable = mkEnableOption "Yubikey support";

    # NOTE(review): no setting under `config` reads this option, so changing
    # it currently has no effect. The only plausible consumer, gpg-agent, is
    # commented out below.
    pinentry = mkOption {
      type = types.enum ["qt" "gnome3"];
      default = "qt";
      description = "The pinentry flavour to use";
    };
  };

  config = mkIf yubikey.enable {
    programs.gpg = {
      enable = true;

      # Keyring and trust database are not user-mutable: the key list below is
      # the only source of keys and ownertrust, so an ad-hoc `gpg --import` or
      # trust edit is not expected to persist (per Home Manager's
      # documentation of these options; confirm against the version in use).
      mutableKeys = false;
      mutableTrust = false;

      publicKeys = [
        {
          # This file is the trust anchor. "ultimate" ownertrust makes GnuPG
          # treat the key as one's own, so keys it certifies are accepted as
          # valid. Any change to this file should be reviewed against the
          # expected fingerprint.
          source = ../../static/keys/my_pub.asc;
          trust = "ultimate";
        }
      ];
    };

    # Disabled: gpg-agent with SSH support and the SSH_AUTH_SOCK wiring.
    # While this stays commented out, the module neither configures gpg-agent
    # nor points SSH at its socket.
    # services.gpg-agent = {
    #   enable = true;
    #   enableSshSupport = true;
    #   enableZshIntegration = true;
    # };
    # home.sessionVariables = {
    #   SSH_AUTH_SOCK = "$XDG_RUNTIME_DIR/gnupg/S.gpg-agent.ssh";
    # };
    # systemd.user.settings.Manager.DefaultEnvironment = lib.mapAttrs (_: lib.mkDefault) {
    #   SSH_AUTH_SOCK = "/run/user/%U/gnupg/S.gpg-agent.ssh";
    # };
  };
}