diff --git a/general.nix b/general.nix index 080041b..eafc173 100644 --- a/general.nix +++ b/general.nix @@ -104,34 +104,10 @@ in # Some programs need SUID wrappers, can be configured further or are # started in user sessions. programs.mtr.enable = true; - programs.gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - systemd.user.services.gpg-agent = let - pinentrySwitcher = pkgs.callPackage ./packages/pinentry.nix {}; - cfg = config.programs.gnupg; - in { - restartTriggers = [ pinentrySwitcher ]; - restartIfChanged = true; - - serviceConfig.ExecStart = [ "" '' - ${cfg.package}/bin/gpg-agent --supervised \ - --pinentry-program ${pinentrySwitcher}/bin/pinentry - '' ]; - }; - documentation.man.generateCaches = true; - environment.shellInit = concatStringsSep "\n" [ - ''export GPG_TTY="$(tty)"'' - ''gpg-connect-agent /bye'' - ''export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"'' - ]; - - # zram is so usefull, we should always have it enabled. zramSwap = { enable = true; diff --git a/services.nix b/services.nix index e4973c2..a1c60b3 100644 --- a/services.nix +++ b/services.nix @@ -183,14 +183,6 @@ in { }; }; - programs.gnupg = { - agent.enable = true; - dirmngr.enable = true; - agent.pinentryFlavor = "curses"; - agent.enableSSHSupport = true; - agent.enableExtraSocket = true; - agent.enableBrowserSocket = true; - }; programs.ssh.startAgent = false; # SmartCards diff --git a/services/default.nix b/services/default.nix index d8d12cd..e9aca47 100644 --- a/services/default.nix +++ b/services/default.nix @@ -2,5 +2,6 @@ { imports = [ ./jupyterhub.nix + ./gnupg.nix ]; } diff --git a/services/gnupg.nix b/services/gnupg.nix new file mode 100644 index 0000000..d459b09 --- /dev/null +++ b/services/gnupg.nix 
@@ -0,0 +1,34 @@
+{ config, pkgs, lib, ... }:
+with lib;
+{
+ config = {
+
+ programs.gnupg = {
+ agent.enable = true;
+ dirmngr.enable = true;
+ agent.pinentryFlavor = "curses"; # overriden anyway
+ agent.enableSSHSupport = true;
+ agent.enableExtraSocket = true;
+ agent.enableBrowserSocket = true;
+ };
+
+ environment.shellInit = ''
+ export GPG_TTY="$(tty)"
+ gpg-connect-agent /bye
+ export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
+ '';
+
+ systemd.user.services.gpg-agent = let
+ pinentrySwitcher = pkgs.callPackage ../packages/pinentry.nix {};
+ cfg = config.programs.gnupg;
+ in {
+ restartTriggers = [ pinentrySwitcher ];
+ restartIfChanged = true;
+
+ serviceConfig.ExecStart = [ "" ''
+ ${cfg.package}/bin/gpg-agent --supervised \
+ --pinentry-program ${pinentrySwitcher}/bin/pinentry
+ '' ];
+ };
+ };
+}
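Review bot: The `environment.shellInit` block overwrites `SSH_AUTH_SOCK` unconditionally in every shell of every user, so an agent socket that is already set in the session is silently replaced. It also relies on `$UID`, which bash sets but a plain POSIX `sh` may leave empty, producing `/run/user//gnupg/...`. I would guard the export and derive the path from GnuPG itself: `[ -n "$SSH_AUTH_SOCK" ] || export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"`. The NixOS gnupg module appears to export this variable already when `agent.enableSSHSupport = true`, so the block may be redundant; that should be confirmed against the nixpkgs revision in use. Separately, `agent.enableExtraSocket` and `agent.enableBrowserSocket` are carried over from `services.nix` without explanation, and a comment such as `# extra socket: needed for agent forwarding to <hosts>; browser socket: needed for <use case>` would let a reader judge whether every machine importing this module needs the agent exposed that way.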