{ config, pkgs, ... }:

{
  home.packages = [ pkgs.pinentry ];
  programs = {
    gpg.enable = true;
    password-store = {
      enable = true;
      package = pkgs.pass-nodmenu.withExtensions
        (exts: with exts; [ pass-otp pass-update pass-audit pass-import ]);
      settings = {
        PASSWORD_STORE_DIR = "${config.home.homeDirectory}/.password-store";
        PASSWORD_STORE_ENABLE_EXTENSIONS = "true";
      };
    };
  };
  services = {
    gpg-agent = rec {
      enable = true;
      maxCacheTtl = 86400;
      defaultCacheTtl = maxCacheTtl;
      defaultCacheTtlSsh = maxCacheTtl;
      pinentryFlavor = "gtk2";
      extraConfig = ''
        no-allow-external-cache
      '';
    };
    password-store-sync.enable = true;
  };
}