{ self, config, pkgs, lib, ...}: {
  imports = [ ./hardware-configuration.nix ];

  nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "spotify" ];

  boot.loader.grub = {
    enable = true;
    device = "/dev/sda";
  };

  boot.loader.timeout = 1;

  networking.hostName = "stube-pc";
  networking.networkmanager.enable = true;
  networking.firewall.enable = true;

  time.timeZone = "Europe/Berlin";

  users.mutableUsers = false;
  users.users.admin = {
    isNormalUser = true;
    hashedPassword = "$y$j9T$sYhrjA6IDTFVsUTVrw6aY/$c4qBwMc6SBMip4BWIpHPwzkyVgnOaHdvYxJDUIyw7q1";
    extraGroups = [ "wheel" "networkmanager" ];
    createHome = true;
    openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDbsWgnT1W25H5fDCekspaXzlIwvKh+rHygTId8xHotU admin" ];
  };
  users.users.stube = {
    isNormalUser = true;
    extraGroups = [ "networkmanager" ];
    password = "stube";
  };

  systemd.services."display-manager".after = [ "home-manager-stube.service" ];

  console.keyMap = "de";

  services.pipewire = {
    enable = true;
    pulse.enable = true;
  };

  services.xserver = {
    enable = true;
    xkb.layout = "de";
    desktopManager.xfce.enable = true;
  };
  services.displayManager = {
    enable = true;
    defaultSession = "xfce";
    autoLogin = {
      enable = true;
      user = "stube";
    };
  };
  services.xserver.displayManager.lightdm.greeter.enable = false;
  services.xserver.displayManager.lightdm.autoLogin.timeout = 0;
  services.xserver.desktopManager.xfce.enableScreensaver = false;

  hardware.opengl = {
    enable = true;
    driSupport = true;
    driSupport32Bit = true;
  };

  environment.systemPackages = with pkgs; [
    vim
    git
    xfce.xfce4-pulseaudio-plugin
    pavucontrol
  ];

  environment.etc."current-nixos".source = self;

  environment.persistence."/persist" = {
    enable = true;
    hideMounts = true;
    directories = [
      "/var/log"
      "/var/lib/nixos"
      "/var/lib/systemd/coredump"
      "/etc/NetworkManager/system-connections"
    ];
    files = [
      "/etc/machine-id"
      "/etc/ssh/ssh_host_rsa_key"
      "/etc/ssh/ssh_host_rsa_key.pub"
      "/etc/ssh/ssh_host_ed25519_key"
      "/etc/ssh/ssh_host_ed25519_key.pub"
    ];
  };

  security.polkit.enable = true;

  services.openssh = {
    enable = true;
    openFirewall = true;
    settings = {
      PasswordAuthentication = false;
      AllowUsers = [ "admin" ];
    };
  };

  system.stateVersion = "24.05";
}