nixfiles/home/gpg.nix

{ config, lib, pkgs, ... }:

{
  home.packages = lib.mkIf (config.services.gpg-agent.pinentryFlavor == "gtk2") (with pkgs; [ pinentry.gtk2 ]);
  services.gpg-agent = {
    enable = true;
    enableExtraSocket = true;
    enableSshSupport = false;
    pinentryFlavor = "gtk2";
    extraConfig = lib.mkMerge [
      "auto-expand-secmem 0x30000" # otherwise "gpg: public key decryption failed: Cannot allocate memory"
      "pinentry-timeout 30"
      "allow-loopback-pinentry"
      "enable-ssh-support"
      "no-allow-external-cache"
    ];
  };
}