{ pkgs, ... }:

{
  programs = {
    gpg.enable = true;
    password-store = {
      enable = true;
      package = pkgs.pass.withExtensions (exts: [ exts.pass-otp ]);
      settings.PASSWORD_STORE_DIR = "$HOME/.password-store";
    };
  };
  services.gpg-agent = {
    enable = true;
    defaultCacheTtl = 7200;
    defaultCacheTtlSsh = 7200;
    pinentryFlavor = "gtk2";
    extraConfig = ''
      no-allow-external-cache
      allow-emacs-pinentry
      allow-loopback-pinentry
    '';
  };
}