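# TODO: Migrate to squoia-sq <2025-04-25>
#
# GnuPG setup for the `soispha` home-manager user: enables gpg with two
# declared public keys, runs gpg-agent (which also serves SSH keys) and adds
# the matching shell setup to zsh.
{
  config,
  pkgs,
  lib,
  ...
}: let
  cfg = config.soispha.programs.gpg;
  homeConfig = config.home-manager.users.soispha;
in {
  options.soispha.programs.gpg = {
    enable = lib.mkEnableOption "gpg";
  };

  config = lib.mkIf cfg.enable {
    home-manager.users.soispha = {
      programs.gpg = {
        enable = true;

        # Keep the GnuPG home under the XDG data directory.
        homedir = "${homeConfig.xdg.dataHome}/gnupg";

        # Keyring and trust database stay writable, so keys and ownertrust can
        # also be changed with `gpg` at runtime; the declarations below are not
        # the only source of trust decisions.
        mutableKeys = true;
        mutableTrust = true;

        settings = {
          # NOTE(review): the key is selected by user-ID text; pinning the
          # fingerprint would stay unambiguous if another secret key with the
          # same name ever lands in the keyring.
          default-key = "Benedikt Peetz ";
          # TODO: add more
        };

        publicKeys = [
          {
            source = ./keys/key_1.asc;
            # NOTE(review): `ultimate` is the level meant for one's own keys;
            # presumably key_1 is the owner's key. Confirm.
            trust = "ultimate";
          }
          {
            source = ./keys/key_2.asc;
            trust = "full";
          }
        ];
      };

      services = {
        gpg-agent = {
          enable = true;
          enableZshIntegration = true;
          enableScDaemon = true; # smartcards and such things

          # Cache the key passwords
          # All four values are 50 minutes in seconds. Because the maximum
          # equals the default, an entry is dropped at most 50 minutes after it
          # was cached, even when it keeps being used.
          defaultCacheTtl = 60 * 50;
          defaultCacheTtlSsh = 60 * 50;
          maxCacheTtl = 60 * 50;
          maxCacheTtlSsh = 60 * 50;

          # pinentry-curses draws on a terminal, so the agent must know which
          # tty to use; see the zsh integration below.
          pinentryPackage = pkgs.pinentry-curses;
          # pinentryPackage = pkgs.pinentry-tty;

          # Let gpg-agent answer SSH agent requests for the keys listed here.
          enableSshSupport = true;
          # NOTE(review): gpg-agent identifies SSH keys by keygrip, not by
          # fingerprint. Both are 40 hex digits, and the 4-digit grouping here
          # looks like fingerprint output; confirm against
          # `gpg --list-keys --with-keygrip`.
          sshKeys = let
            # Strip the spaces used to group the hex digits for readability.
            removeSpace = str: builtins.replaceStrings [" "] [""] str;
          in [
            (removeSpace "8321 ED3A 8DB9 99A5 1F3B F80F F268 2914 EA42 DE26")
          ];
        };
      };
    };

    # Shell setup run by zsh. It exports the current tty for gpg, points
    # SSH_AUTH_SOCK at the agent's SSH socket, and then contacts the agent.
    #
    # The SSH agent protocol carries no terminal information, so pinentry for
    # SSH requests appears on the agent's startup tty. `updatestartuptty` moves
    # that to the current shell; a bare `/bye` only starts the agent. Output is
    # discarded so that new shells stay quiet.
    soispha.programs.zsh.integrations.gpg = ''
      export GPG_TTY=$(tty)

      # Magic copied from the gpg-agent manual
      unset SSH_AGENT_PID
      if [ "''${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
          export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
      fi

      # Ensure that get gpg agent is started (necessary because ssh does not start it
      # automatically and has it's tty updated)
      gpg-connect-agent updatestartuptty /bye >/dev/null
    '';
  };
}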