{
  config,
  lib,
  pkgs,
  ...
}: {
  xdg.configFile."pass-git-helper/git-pass-mapping.ini".source =
    ./git-pass-mapping.ini;
  programs = {
    gpg.enable = true;
    password-store = {
      enable = true;
      package =
        pkgs.pass-nodmenu.withExtensions
        (exts: with exts; [pass-otp pass-update pass-audit pass-import]);
      settings = {
        PASSWORD_STORE_DIR = "${config.home.homeDirectory}/.password-store";
        PASSWORD_STORE_ENABLE_EXTENSIONS = "true";
      };
    };
    git.extraConfig.credential = {
      helper = "${pkgs.pass-git-helper}/bin/pass-git-helper";
    };
  };
  services = {
    gpg-agent = rec {
      enable = true;
      maxCacheTtl = 86400;
      defaultCacheTtl = maxCacheTtl;
      defaultCacheTtlSsh = maxCacheTtl;
      pinentryFlavor = lib.mkDefault "curses";
      extraConfig = ''
        no-allow-external-cache
      '';
    };
    git-sync.repositories.password-store = {
      path = "${config.home.homeDirectory}/.password-store";
      uri = "git+https://git.xenia.me.uk/xenia/pass.git";
    };
  };
}