{
  config,
  lib,
  pkgs,
  ...
}:

{
  imports = [ ];

  # Fetch public keys:
  # gpg --locate-keys tom@fizz.buzz
  #
  # gpg -vvv --auto-key-locate local,wkd --locate-keys tom@fizz.buzz

  hardware.gpgSmartcards.enable = true;
  services.udev.packages = [ pkgs.yubikey-personalization ];
  services.pcscd.enable = true;
  # services.gnome.gnome-keyring.enable = true;

  # services.dbus.packages = [ pkgs.gcr ];

  # services.pcscd.plugins = lib.mkForce [ ];

  #   programs.gpg.scdaemonSettings = {
  #   disable-ccid = true;
  # };

  # .gnupg/scdaemon.conf
  home-manager.users.talexander =
    { pkgs, ... }:
    {
      home.file.".gnupg/scdaemon.conf" = {
        source = ./files/scdaemon.conf;
      };
    };

  programs.gnupg.dirmngr.enable = true;
  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
    pinentryPackage = pkgs.pinentry-qt;
    # settings = {
    #   disable-ccid = true;
    # };
  };

  environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
    hideMounts = true;
    users.talexander = {
      directories = [
        {
          directory = ".gnupg";
          user = "talexander";
          group = "talexander";
          mode = "0700";
        } # Local keyring
      ];
    };
  };

  # nixpkgs.overlays = [
  #   (final: prev: {
  #     pcsclite = prev.pcsclite.overrideAttrs (old: {
  #       postPatch = ''
  #         substituteInPlace src/libredirect.c src/spy/libpcscspy.c \
  #           --replace-fail "libpcsclite_real.so.1" "$lib/lib/libpcsclite_real.so.1"
  #       '';
  #     });
  #   })
  # ];

  # security.polkit.extraConfig = ''
  #   polkit.addRule(function(action, subject) {
  #     if (action.id == "org.debian.pcsc-lite.access_card") {
  #       return polkit.Result.YES;
  #     }
  #   });

  #   polkit.addRule(function(action, subject) {
  #     if (action.id == "org.debian.pcsc-lite.access_pcsc") {
  #       return polkit.Result.YES;
  #     }
  #   });
  # '';

  environment.systemPackages = with pkgs; [
    pcsctools
  ];

}