{
  inputs,
  pkgs,
  ...
}: {
  imports = [
    inputs.stylix.nixosModules.stylix
  ];
  nixpkgs.config.permittedInsecurePackages = [
    "electron-25.9.0"
  ];

  # use pipewire
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    jack.enable = true;
  };
  # pipewire raop
  networking.firewall.allowedUDPPorts = [6002 6001];
  # network streaming
  networking.firewall.allowedTCPPorts = [4713];

  security.pam.services.swaylock = {};
  security.polkit.enable = true;
  systemd.user.services.polkit-gnome-authentication-agent-1 = {
    description = "polkit-gnome-authentication-agent-1";
    wantedBy = ["graphical-session.target"];
    wants = ["graphical-session.target"];
    after = ["graphical-session.target"];
    serviceConfig = {
      Type = "simple";
      ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
      Restart = "on-failure";
      RestartSec = 1;
      TimeoutStopSec = 10;
    };
  };

  hardware.opentabletdriver.enable = true;

  programs.nm-applet.enable = true;

  services.printing.enable = true;

  services.dbus.enable = true;
  programs.light.enable = true;
  programs.dconf.enable = true;

  hardware.bluetooth.enable = true;
  services.blueman.enable = true;

  networking.stevenblack = {
    enable = true;
    block = ["porn" "gambling"];
  };

  stylix = {
    image = ../images/nix-soft.png;
    base16Scheme = "${pkgs.base16-schemes}/share/themes/onedark.yaml";
    opacity = {
      terminal = 0.9;
      applications = 0.9;
      desktop = 0.9;
      popups = 0.9;
    };
  };

  nixpkgs.overlays = [
    (final: prev: {
      interalia = prev.callPackage ../pkgs/interalia.nix {};
    })
  ];

  fonts.packages = with pkgs; [
    nerdfonts
    interalia
  ];
}