chore: refactor user modules

users/modules/security/default.nix

@@ -0,0 +1,18 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.home.security;
+in {
+  imports = [
+    ./gpg.nix
+    ./ssh.nix
+  ];
+  options.home.security.fullDesktop = mkEnableOption "Enable all modules";
+  config.home.security = {
+    gpg.enable = mkDefault cfg.fullDesktop;
+    ssh.enable = mkDefault cfg.fullDesktop;
+  };
+}

users/modules/security/gpg.nix

@@ -0,0 +1,32 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib; let
+  cfg = config.home.security.gpg;
+in {
+  options.home.security.gpg = {
+    enable = mkEnableOption "Enable GPG";
+    pinentry.package = mkOption {
+      type = types.package;
+      default =
+        if config.home.dev.editors.emacs.enable
+        then pkgs.pinentry-emacs
+        else pkgs.pinentry-gtk2;
+    };
+  };
+  config = mkIf cfg.enable {
+    programs.gpg = {
+      inherit (cfg) enable;
+      mutableKeys = true;
+      mutableTrust = true;
+    };
+    services.gpg-agent = {
+      enable = true;
+      enableSshSupport = true;
+      pinentry.package = cfg.pinentry.package;
+    };
+  };
+}

users/modules/security/ssh.nix

@@ -0,0 +1,23 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.home.security.ssh;
+in {
+  options.home.security.ssh = {
+    enable = mkEnableOption "enables SSH";
+    hosts = mkOption {
+      type = types.nullOr types.path;
+      default = null;
+    };
+  };
+
+  config = {
+    programs.ssh = mkIf cfg.enable {
+      enable = true;
+      includes = lists.optional (cfg.hosts != null) cfg.hosts;
+    };
+  };
+}