{ pkgs, lib, config, ... }:
let
  user = "kodi";
  extraGroups = [
    "users"
    "audio"
    "video"
    "disk"
    "power"
    "plugdev"
  ] ++ lib.optionals config.hardware.raspberry-pi.enable [
    "i2c"
    "spi"
  ];
in
{
  services.cage = {
    inherit user;
    enable = true;
    program = "${pkgs.kodi-standalone}/bin/kodi-standalone";
  };

  users.users.kodi = {
    inherit extraGroups;
    name = user;
    isNormalUser = true;
  };

  sops.secrets = {
    "kodi-advancedsettings" = {
      owner = user;
      format = "binary";
      sopsFile = ./secrets/advancedsettings.xml;
      path = "/home/${user}/.kodi/userdata/advancedsettings.xml";
    };
    "kodi-passwords" = {
      owner = user;
      format = "binary";
      sopsFile = ./secrets/passwords.xml;
      path = "/home/${user}/.kodi/userdata/passwords.xml";
    };
    "kodi-youtube" = {
      owner = user;
      format = "binary";
      sopsFile = ./secrets/youtube.json;
      path = "/home/${user}/.kodi/userdata/addon_data/plugin.video.youtube/api_keys.json";
    };
  };

  networking.firewall.allowedTCPPorts = [ 8080 9090 ];

  environment.sessionVariables = {
    WLR_LIBINPUT_NO_DEVICES = builtins.toString 1;
  };

  systemd.tmpfiles.rules = [
    "d /home/kodi/.kodi/temp 0750 kodi users -"
  ];

  environment.systemPackages = with pkgs; [
    #kodi-standalone
    alsa-utils
    /*
      (retroarch.override {
      cores = with libretro; [
        snes9x
        pcsx-rearmed
        nestopia
      ];
      })
    */
  ];
}