{ pkgs, gpgSSHKeys, ... }:

{
  services.gpg-agent = {
    enable = true;
    enableZshIntegration = true;
    pinentryPackage = pkgs.pinentry-curses;
    enableSshSupport = true;
    sshKeys = gpgSSHKeys;
    defaultCacheTtl = 3600 * 12;
    defaultCacheTtlSsh = 3600 * 12;
    maxCacheTtl = 3600 * 12;
    maxCacheTtlSsh = 3600 * 12;
    extraConfig = ''
      allow-loopback-pinentry
    '';
  };

  programs.gpg = {
    enable = true;
    mutableKeys = false;
    mutableTrust = false;
    settings = {
      pinentry-mode = "loopback";
    };
    publicKeys = [
      {
        source = ./molez.pub.asc;
        trust = "ultimate";
      }
      {
        source = ./vi-bim.pub.asc;
        trust = "ultimate";
      }
      {
        source = ./horsch.pub.asc;
        trust = "ultimate";
      }
    ];
  };
}