{pkgs, ...}: {
  services = {
    gpg-agent.defaultCacheTtl = 1209600;
    gpg-agent.pinentry.package = pkgs.pinentry-tty;
  };

  programs.gpg.publicKeys = let
    fromUrl = {
      url,
      hash,
      trust ? 5,
    }: {
      source = pkgs.fetchurl {inherit url hash;};
      inherit trust;
    };

    github = {user, ...} @ args:
      fromUrl (
        builtins.removeAttrs args ["user"]
        // {url = "https://github.com/${user}.gpg";}
      );
  in
    map github [
      # Do not depend on my own forgejo instance / self-host server to avoid a single point of failure
      {
        user = "leana8959";
        hash = "sha256-Y+v/8bLkyUIe4vjToChQP3ChPxRV/DqI72OTsx6F0oo=";
      }
      {
        user = "vanilla-extracts";
        hash = "sha256-6JulBVFmbOHAI7tHiS0Q7L5oQVOXtkUmOLz3+Yz27ec=";
      }
      {
        user = "jappeace";
        hash = "sha256-wJ4hiE7M7dcEMaE8waNZEi+tybpVIsFzoeDJhIIaLhk=";
      }
      {
        user = "confusedkernel";
        hash = "sha256-9DdtDAcv+2Z0jJMSLAXbp5ne8uHYj5V/lNGi0kKSdv4=";
      }
    ]
    ++ map fromUrl [
      {
        url = "https://eragon.re/pubkey.asc";
        hash = "sha256-xvNB+BxqxHqdVBnMhzX3eenN3KmjmdATFPHkPUGweAA=";
      }
    ];
}