# GnuPG / gpg-agent settings for the main user, switched on through
# `swarselmodules.gpgagent`. The option names used here (services.gpg-agent,
# programs.gpg, systemd.user.tmpfiles) look like Home Manager's — confirm
# against where this module is imported.
{ self, lib, config, pkgs, ... }:
let
  inherit (config.swarselsystems) mainUser homeDir;
  enabled = config.swarselmodules.gpgagent;
in
{
  options.swarselmodules.gpgagent = lib.mkEnableOption "gpg agent settings";

  config = lib.mkIf enabled {
    services.gpg-agent = {
      enable = true;
      verbose = true;
      enableZshIntegration = true;

      # Smartcard daemon, SSH-agent emulation, and the restricted "extra"
      # socket (the one intended for forwarding the agent to another host).
      enableScDaemon = true;
      enableSshSupport = true;
      enableExtraSocket = true;

      # Passphrase / PIN prompts are drawn by wayprompt.
      pinentry = {
        package = pkgs.wayprompt;
        program = "pinentry-wayprompt";
      };
      # pinentry.package = pkgs.pinentry.gtk2;

      # Cache lifetimes in seconds: an entry expires 10 minutes after its last
      # use and at the latest 2 hours after it was entered. The SSH-key cache
      # has its own TTL options, which are not set in this block.
      defaultCacheTtl = 600;
      maxCacheTtl = 7200;

      # allow-loopback-pinentry lets a client ask for loopback pinentry mode,
      # where the calling program supplies the passphrase itself;
      # allow-emacs-pinentry lets the prompt be handed to Emacs. Both are
      # paths around the wayprompt dialog, so keep them only while a workflow
      # depends on them.
      extraConfig = ''
        allow-loopback-pinentry
        allow-emacs-pinentry
      '';

      # Keys offered to SSH clients (written to the agent's sshcontrol file).
      # NOTE(review): sshcontrol entries are keygrips. This value ends in the
      # same 16 hex digits as the key ID in the publicKeys file name below, so
      # it looks like the primary-key fingerprint, not a keygrip — compare
      # with `gpg --list-keys --with-keygrip`. Smartcard authentication keys
      # are offered over SSH without an entry here, which could hide a
      # non-matching value.
      sshKeys = [
        "4BE7925262289B476DBBC17B76FD3810215AE097"
      ];
    };

    programs.gpg = {
      enable = true;

      # Imported into the keyring with ownertrust 5 (ultimate). The file is
      # read from the flake source (`self`), so the key's integrity is that
      # of the repository content.
      publicKeys = [
        {
          source = "${self}/secrets/public/gpg/gpg-public-key-0x76FD3810215AE097.asc";
          trust = 5;
        }
      ];

      scdaemonSettings = {
        disable-ccid = true; # prevent conflicts between pcscd and scdaemon
      };
    };

    # Ensure correct permissions: ~/.gnupg is a directory with mode 0700,
    # owned by the main user and the `users` group.
    systemd.user.tmpfiles.rules = [
      "d ${homeDir}/.gnupg 0700 ${mainUser} users - -"
    ];

    # Alternative form of the same rule, kept for reference:
    # systemd.user.tmpfiles.settings."30-gpgagent".rules = {
    #   "${homeDir}/.gnupg" = {
    #     d = {
    #       group = "users";
    #       user = mainUser;
    #       mode = "0700";
    #     };
    #   };
    # };
  };
}