diff --git a/config/graphical.nix b/config/graphical.nix
index 66bfaebf..ef05ff93 100644
--- a/config/graphical.nix
+++ b/config/graphical.nix
@@ -1,4 +1,4 @@
-{ config, ... }:
+{ nixos-config, ... }:
 {
 time.timeZone = "Etc/GMT-1";
 isGraphical = true;
@@ -6,5 +6,6 @@
 ./kde
 ./documentation.nix
 ./graphical/fonts.nix
+ "${nixos-config}/services/security-key"
 ];
 }
diff --git a/services/desktop/default.nix b/services/desktop/default.nix
index b6ba766e..0d8142ba 100644
--- a/services/desktop/default.nix
+++ b/services/desktop/default.nix
@@ -2,5 +2,6 @@
 {
 imports = [
 ./kdeconnect.nix
+ ./gpg
 ];
 }
diff --git a/services/desktop/gpg/default.nix b/services/desktop/gpg/default.nix
new file mode 100644
index 00000000..d6b73fbf
--- /dev/null
+++ b/services/desktop/gpg/default.nix
@@ -0,0 +1,10 @@
+{ config, ... }:
+{
+ programs.gpg = {
+ enable = true;
+ homedir = "${config.xdg.dataHome}/gnupg";
+ mutableKeys = false;
+ mutableTrust = false;
+ scdaemonSettings.disable-ccid = true;
+ };
+}
diff --git a/services/security-key/default.nix b/services/security-key/default.nix
new file mode 100644
index 00000000..b9adab67
--- /dev/null
+++ b/services/security-key/default.nix
@@ -0,0 +1,7 @@
+{ ... }:
+{
+ imports = [
+ ./pcscd.nix
+ ./tpm2.nix
+ ];
+}
diff --git a/services/security-key/pcscd.nix b/services/security-key/pcscd.nix
new file mode 100644
index 00000000..15f50c79
--- /dev/null
+++ b/services/security-key/pcscd.nix
@@ -0,0 +1,6 @@
+{ ... }:
+{
+ services.pcscd = {
+ enable = true;
+ };
+}
diff --git a/services/security-key/tpm2.nix b/services/security-key/tpm2.nix
new file mode 100644
index 00000000..c86fbd2d
--- /dev/null
+++ b/services/security-key/tpm2.nix
@@ -0,0 +1,11 @@
+{ ... }:
+{
+ security.tpm2 = {
+ enable = true;
+ abrmd.enable = true;
+ pkcs11.enable = true;
+ tctiEnvironment.enable = true;
+ };
+ services.tcsd.enable = true;
+ systemd.tpm2.enable = true;
+}
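Review bot: The new import `"${nixos-config}/services/security-key"` in config/graphical.nix relies on a `nixos-config` module argument whose definition is not part of this diff; because it is used inside `imports`, it has to be supplied through `specialArgs`, since a value set via `_module.args` would recurse during import resolution. If `nixos-config` is a plain path rather than a flake input, interpolating it into a string copies the whole tree into the world-readable Nix store, so it is worth confirming the repository holds no unencrypted secrets. A short comment above the entry would make the dependency explicit, e.g. `# nixos-config: repo root passed via specialArgs; enables pcscd and the TPM2 system services`. The module body between the two hunks of this file is not visible here.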
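Review bot: In services/desktop/gpg/default.nix, `mutableKeys = false` and `mutableTrust = false` make the keyring and trust database declarative, but no `publicKeys` are declared in this module, so nothing visible here defines which keys and trust levels the user ends up with. If `programs.gpg.publicKeys` is not set elsewhere, please check what the keyring looks like after activation and whether the immutability is actually in effect. Separately, `scdaemonSettings.disable-ccid = true` hands smart-card access to the system pcscd daemon, which this commit enables only through config/graphical.nix; a comment such as `# disable-ccid: use pcscd (services/security-key/pcscd.nix) instead of scdaemon's built-in CCID driver` would document that coupling for hosts that import the desktop module alone.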
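Review bot: In services/security-key/tpm2.nix, `services.tcsd.enable = true;` starts TrouSerS, the TPM 1.2 software stack, next to the TPM 2.0 options under `security.tpm2`; on TPM 2.0 hardware that daemon is expected to fail or sit idle as one more privileged service, so I would drop the line unless a TPM 1.2 device is really targeted. `abrmd.enable = true` also looks inconsistent with `tctiEnvironment.enable = true`: as far as I know the TCTI environment defaults to the kernel resource-manager device, so the abrmd daemon would run without being used. Either remove `abrmd.enable = true;` or add `tctiEnvironment.interface = "tabrmd";` so the tools actually go through it. Keeping only the daemons that are needed reduces the attack surface around the TPM.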