{ config, lib, pkgs, ... }:

with lib;

{
  config = {
    programs.gpg = {
      enable = true;

      settings = {
        no-comments = false;
        s2k-cipher-algo = "AES128";
        throw-keyids = true;
        trusted-key = [ "0xXXXXXXXXXXXXX" "0xYYYYYYYYYYYYY" ];
      };

      homedir = "${config.home.homeDirectory}/bar/foopg";
    };

    nmt.script = ''
      assertFileExists home-files/bar/foopg/gpg.conf
      assertFileContent home-files/bar/foopg/gpg.conf ${
        ./override-defaults-expected.conf
      }

      assertFileNotRegex activate "^unset GNUPGHOME keyId importTrust$"
    '';
  };
}