{ pkgs, ... }:
{
  packages = with pkgs; [
    nix-direnv
    gnupg
    git
    bitwarden-cli
  ];

  scripts.download_gpg_key.exec = # bash
  ''
    if ! bw login --check; then
      echo "Please run `bw login`"
      exit 1
    fi

    bw sync && \
    bw get attachment private.key --itemid 335ce92f-974a-44d4-bc1c-b226005203f3 --output private.key && \
    echo "Please run `set_gpg_tty && import_gpg_key`"
  '';

  scripts.set_gpg_tty.exec = # bash
  ''
    export GPG_TTY="$(tty)"
  '';

  scripts.import_gpg_key.exec = # bash
  ''
    exec gpg --import private.key
  '';

  scripts.gpg_no_pinentry.exec = # bash
  ''
    pkill gpg-agent
    gpg-agent --pinentry-program=/usr/bin/pinentry-curses --daemon
  '';

  scripts.git_allow_push.exec = # bash
  ''
    git config http.version HTTP/1.1
  '';
}