{
  lib,
  config,
  pkgs,
  ...
}: let
  isEnabled =
    config.azos.encryption.enable;
in {
  options.azos.encryption.enable = lib.mkOption {
    default = true;
    example = true;
    type = lib.types.bool;
  };

  config = lib.mkIf isEnabled {
    programs.password-store = {
      enable = true;
      settings = {
        PASSWORD_STORE_KEY = "076AA297579A0064";
      };
    };

    home.packages = with pkgs; [
      yubikey-personalization
      pinentry-gtk2
    ];
    programs.gpg = {
      enable = true;
    };
    services.gpg-agent = {
      enable = true;
      enableSshSupport = true;
      grabKeyboardAndMouse = false;
      pinentry.package = pkgs.pinentry-gtk2;
    };

    home.file.".ssh/config".source = ./ssh-config;
    home.file.".ssh/gpg-as-ssh.pub".source = ./gpg-as-ssh.pub;
    home.file.".gnupg/sshcontrol".source = ./sshcontrol;
  };
}