# GnuPG setup that routes private-key operations through an OnlyKey
# hardware token instead of the stock gpg-agent.
{
  config,
  sysLib,
  pkgs,
  ...
}: let
  # Wrapper built from ./agent-program, with python3 and onlykey-agent as its
  # declared dependencies. gpg starts this in place of gpg-agent (see
  # `settings.agent-program` below), so whatever that script does sits on the
  # path of every signing and decryption request.
  onlykeyAgentWrapper = sysLib.writeShellScriptWithLibrary {
    name = "onlykey-gpg-agent";
    src = ./agent-program;
    dependencies = [pkgs.python3 pkgs.onlykey-agent];
  };
in {
  programs.gpg = {
    enable = true;

    # Dedicated GnuPG home for the OnlyKey-backed setup.
    homedir = "${config.xdg.dataHome}/gnupg/onlykey";

    # Keyring and trustdb stay editable with plain `gpg` commands. The
    # `publicKeys` list below is therefore a baseline that gets imported,
    # not an enforced pin: keys or trust added by hand are kept.
    mutableKeys = true;
    mutableTrust = true;

    settings = {
      # Hardware-based GPG configuration
      agent-program = "${onlykeyAgentWrapper}/bin/onlykey-gpg-agent";

      # NOTE(review): the value ends in a space, which looks like an
      # `<email>` part that was lost somewhere. gpg matches default-key
      # against user IDs, so confirm it still selects the intended key;
      # a full fingerprint would be unambiguous.
      default-key = "Soispha ";
      # TODO add more
    };

    # Keys imported from files in this repository together with their owner
    # trust. "ultimate" makes that key a trust root, so check the fingerprint
    # of ./keys/* whenever those files change.
    publicKeys = [
      {
        source = ./keys/sils_at_sils.li;
        trust = "full";
      }
      {
        source = ./keys/soispha_at_vhack.eu;
        trust = "ultimate";
      }
    ];
  };

  # The stock agent service is switched off, which fits the OnlyKey wrapper
  # above taking its place.
  # NOTE(review): the other options here presumably have no effect while
  # `enable = false` - confirm, and drop or re-enable them deliberately.
  services.gpg-agent = {
    enable = false;
    enableZshIntegration = true;
    enableScDaemon = true; # smartcards and such things
    pinentryFlavor = "tty";
  };
}