{ config, lib, pkgs, ... }:
let
  yubikey-pkgs = with pkgs; [
    ccid
    libu2f-host
    libusb
    rng_tools
    yubikey-manager
    yubikey-personalization
    gnupg
    pinentry
  ];
in
{
  services.pcscd.enable = true;
  services.udev.packages = with pkgs; [
    libu2f-host
    yubikey-personalization
  ];

  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };
  # Use GPG agent instead.
  programs.ssh.startAgent = lib.mkDefault false;

  environment = {
    systemPackages = yubikey-pkgs;
  };
}