{ config, pkgs, inputs, lib, ... }: {
  imports = [ inputs.nixos-hardware.nixosModules.raspberry-pi-4 ];

  networking = {
    hostName = "homescreen";
    networkmanager = { enable = true; };
  };
  hardware.enableRedistributableFirmware = true;

  environment.systemPackages = with pkgs; [ neovim htop btop atop ];

  services.fail2ban.enable = true;

  services.openssh = {
    enable = true;
    permitRootLogin = "prohibit-password";
    passwordAuthentication = false;
  };

  hardware.raspberry-pi."4".fkms-3d.enable = true;

  hardware.deviceTree.filter = lib.mkForce "*rpi-*.dtb";

  services.xserver = {
    enable = true;
    displayManager.lightdm.enable = true;
    displayManager.autoLogin.enable = true;
    displayManager.autoLogin.user = "kiosk";
    desktopManager.gnome.enable = true;
    libinput.enable = true;
  };

  users = {
    mutableUsers = false;
    users.kiosk = { isNormalUser = true; };
  };
  users.extraUsers.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEo4R+6J3h6Ix3xWpOMdU7Es1/YxFchHw0c+kcCOJxFb cyryl@foureighty"
  ];
  fileSystems = {
    "/" = {
      device = "/dev/disk/by-label/NIXOS_SD";
      fsType = "ext4";
      options = [ "noatime" ];
    };
    "/boot/firmware" = {
      device = "/dev/disk/by-label/FIRMWARE";
      fsType = "vfat";
      options = [ "nofail" "noauto" ];
    };
  };
  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";

  security.allowUserNamespaces = true;

  time.timeZone = "Europe/London";
  system.stateVersion = "22.05";

  nix = {
    autoOptimiseStore = true;
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 30d";
    };
    # Free up to 1GiB whenever there is less than 100MiB left.
    extraOptions = ''
      min-free = ${toString (100 * 1024 * 1024)}
      max-free = ${toString (1024 * 1024 * 1024)}
    '';
  };
}