# Home Manager module: installs rage and links this user's age key pair into
# the home directory under private-keys/ and public-keys/.
{ config, lib, pkgs, ... }:

let
  # Home Manager helper that produces a symlink to a path outside the Nix
  # store instead of copying the file into it.
  linkOutsideStore = config.lib.file.mkOutOfStoreSymlink;
  user = config.home.username;
in
{
  home = {
    packages = [
      # rage rather than age: rage can prompt through pinentry, age cannot.
      pkgs.rage
    ];

    file = {
      # The private key must never be copied into /nix/store, which is
      # world-readable, so only a symlink to the persisted file is created.
      # The target is written as a string, not a Nix path literal, so
      # evaluation has no reason to import the key file into the store.
      # NOTE(review): nothing in this module sets the owner or mode of the file
      # under /persist; confirm it is readable by this user only (e.g. 0600).
      "private-keys/age/crumb.age".source =
        linkOutsideStore "/persist/private-keys/age/${user}.age";

      # The public key is taken from the repository and ends up in the store,
      # which is acceptable because it is not secret.
      "public-keys/age/crumb.pub".source =
        ../../../public-keys/age/${user}.pub;
    };
  };
}