{
  config,
  lib,
  pkgs,
  ...
}:
let
  gpg-wrapper = pkgs.writeShellScriptBin "gpg" ''
    until ${pkgs.coreutils}/bin/timeout 1 [ -d /run/secrets/gpg/ ]
    do
      echo "Waiting for '/run/secrets/' to be mounted" >&2
      sleep 1
    done
    if [ -z "$GNUPGHOME" ]
    then export GNUPGHOME="/run/secrets/gpg/"
    fi
    ${pkgs.gnupg}/bin/gpg "$@"
  '';
in {

  home-manager.users.mysaa.home.packages = [
    gpg-wrapper
  ];

  home-manager.users.mysaa.programs.git.signing.signer = "${gpg-wrapper}/bin/gpg";

  fileSystems."/run/secrets" = {
    device = "/dev/disk/by-uuid/545bfd15-0973-4395-9d05-6c4c78a9e45c";
    fsType = "ext4";
    options = [
      "nofail"
      "noauto"
      "ro"
      "x-systemd.automount"
    ];
  };

}