{
  config,
  pkgs,
  ...
}: let
  gpg-agent = {
    enable = true;
    enableZshIntegration = true;
    enableScDaemon = true; # smartcards and such things
    pinentryPackage = pkgs.pinentry-tty;
  };
in {
  programs.gpg = {
    enable = true;
    homedir = "${config.xdg.dataHome}/gnupg/onlykey";
    mutableKeys = false;
    mutableTrust = false;

    settings = {
      default-key = "Benedikt Peetz <benedikt.peetz@b-peetz.de>";
      # TODO: add more
    };

    publicKeys = [
      {
        source = ./keys/key_1;
        trust = "ultimate";
      }
      {
        source = ./keys/key_2;
        trust = "ultimate";
      }
      {
        source = ./keys/key_3;
        trust = "full";
      }
      {
        source = ./keys/key_4;
        trust = "full";
      }
    ];
  };
  services = {
    inherit gpg-agent;
  };
}