Add GPG-specific option

home/gpg.nix

@@ -0,0 +1,28 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # GPG
+  programs.gpg.enable = true;
+  home.file.".gnupg/gpg-agent.conf" = lib.mkIf pkgs.stdenv.isDarwin {
+    text = ''
+      pinentry-program "${pkgs.pinentry_mac}/Applications/pinentry-mac.app/Contents/MacOS/pinentry-mac"
+    '';
+  };
+
+  # password-store
+  programs.password-store = {
+    enable = true;
+    package = pkgs.pass.withExtensions (exts: [exts.pass-otp]);
+    settings = {
+      PASSWORD_STORE_DIR = "${config.home.homeDirectory}/.password-store";
+    };
+  };
+
+  # Only specify signing if GPG is otherwise being pulled in;
+  # i.e. in a prompt configuration.
+  programs.git.signing = {
+    key = "6EF6CBB6420B81DA3CCACFEA874AA355B3209BDC";
+    signByDefault = true;
+  };
+
+}