diff --git a/src/system/machines/desktop/system.nix b/src/system/machines/desktop/system.nix
index ab3a723..3d80a2b 100644
--- a/src/system/machines/desktop/system.nix
+++ b/src/system/machines/desktop/system.nix
@@ -1,5 +1,11 @@
 { pkgs, lib, config, ... }:
 
+let
+  gpgEnabled = lib.any
+    (user: user.modules.user.security.gpg.enable or false)
+    (lib.attrValues config.home-manager.users);
+
+in
 { system.stateVersion = "23.11";
 
   users.users = {
@@ -91,6 +97,7 @@
   };
 
   services = {
+    pcscd.enable = gpgEnabled;
     timesyncd = lib.mkDefault {
       enable = true;
       servers = [
diff --git a/src/user/modules/security/default.nix b/src/user/modules/security/default.nix
index 8478202..7f8a286 100644
--- a/src/user/modules/security/default.nix
+++ b/src/user/modules/security/default.nix
@@ -17,6 +17,7 @@ in
       pass
       wireguard-tools
       ipscan
+      yubikey-manager
     ];
   };
 }
diff --git a/src/user/modules/security/modules/gpg/default.nix b/src/user/modules/security/modules/gpg/default.nix
index fcaa905..170b570 100644
--- a/src/user/modules/security/modules/gpg/default.nix
+++ b/src/user/modules/security/modules/gpg/default.nix
@@ -13,6 +13,9 @@ in
   config = mkIf cfg.enable {
     programs.gpg = {
       enable = true;
+      scdaemonSettings = {
+        disable-ccid = true;
+      };
       publicKeys = [
         {
           text = "${config.user.keys.pgp.primary}";