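# Home-manager module: GnuPG, gpg-agent (optionally acting as the SSH agent)
# and, unless `pass` is turned off, password-store.
{ lib, config, pkgs, ... }:

let
  # Explicit inherit instead of a file-wide `with lib;`, so every lib name
  # used below is visible here.
  inherit (lib) mkEnableOption mkIf mkOption types;

  cfg = config.modules.application.gnupg;
in
{
  options.modules.application.gnupg = {
    # mkEnableOption prepends "Whether to enable", so the text must not
    # start with "enable" itself.
    enable = mkEnableOption "GnuPG and related utils";

    pass = mkOption {
      type = types.bool;
      default = true;
      description = "install password-store";
    };

    enableSshSupport = mkOption {
      type = types.bool;
      default = false;
      description = "enable GnuPG agent SSH support";
    };
  };

  config = mkIf cfg.enable {
    home.packages = with pkgs; [
      # The pinentry program itself comes from
      # services.gpg-agent.pinentryPackage below.
      # NOTE(review): gcr presumably supplies the prompter that
      # pinentry-gnome3 talks to - confirm it is picked up from home.packages.
      gcr
    ];

    programs.gpg = {
      enable = true;
      # Turns off scdaemon's built-in CCID driver, so smartcard access goes
      # through PC/SC instead.
      # NOTE(review): this needs a running pcscd on the host - confirm.
      scdaemonSettings.disable-ccid = true;
    };

    services.gpg-agent = {
      enable = true;
      enableScDaemon = true;
      enableZshIntegration = true;
      pinentryPackage = pkgs.pinentry-gnome3;
      enableSshSupport = cfg.enableSshSupport;
    };

    # Point SSH clients at gpg-agent's SSH socket. The guard leaves an
    # SSH_AUTH_SOCK that is already set untouched (a forwarded agent or another
    # keyring, for instance), so in such sessions keys are NOT served by
    # gpg-agent.
    # NOTE(review): home-manager's gpg-agent module appears to export the same
    # variable when enableSshSupport is set - confirm this copy is still needed.
    home.sessionVariablesExtra = mkIf cfg.enableSshSupport ''
      if [[ -z "''${SSH_AUTH_SOCK}" ]]; then
        export SSH_AUTH_SOCK="$(${config.programs.gpg.package}/bin/gpgconf --list-dirs agent-ssh-socket)"
      fi
    '';

    # ssh-agent is enabled exactly when gpg-agent SSH support is off, so the
    # two are never both configured as the SSH agent.
    services.ssh-agent.enable = !cfg.enableSshSupport;

    programs.password-store.enable = cfg.pass;
  };
}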