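# NixOS module: one switch (ptw.services.yubikey.enable) that turns on the
# system services, management tools and GnuPG agent settings used with a YubiKey.
{ lib, config, pkgs, ... }:

let
  cfg = config.ptw.services.yubikey;
in
{
  options.ptw.services.yubikey = {
    # mkEnableOption prefixes the text with "Whether to enable ", so the
    # description is written as a noun phrase to avoid "enable Enable ...".
    enable = lib.mkEnableOption "everything needed to use a YubiKey";
  };

  config = lib.mkIf cfg.enable {
    services = {
      # Unprivileged access to the YubiKey: installs the udev rules shipped
      # with yubikey-personalization so the device can be used without root.
      udev.packages = [ pkgs.yubikey-personalization ];

      # Allow using the YubiKey as a smart card (PC/SC daemon).
      # NOTE(review): GnuPG's scdaemon can contend with pcscd for the reader
      # through its built-in CCID driver; if gpg intermittently fails to see
      # the card, review scdaemon's configuration (e.g. disable-ccid).
      pcscd.enable = true;
    };

    environment.systemPackages = with pkgs; [
      # Management
      yubikey-manager-qt
      yubikey-manager
      yubico-piv-tool
    ];

    programs = {
      gnupg.agent = {
        enable = true;
        # gpg-agent also acts as the SSH agent, so SSH authentication can use
        # a key held on the token. This must not be combined with
        # programs.ssh.startAgent; only one agent can serve the SSH socket.
        # NOTE(review): PIN caching and touch policy are configured on the
        # key/agent, not here -- confirm they match the intended policy.
        enableSSHSupport = true;
      };
    };
  };
}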