{
  options,
  config,
  lib,
  pkgs,
  ...
}:

with lib;
with lib.metacfg;
let
  cfg = config.metacfg.gui;
in
{
  options.metacfg.gui = with types; {
    enable = mkBoolOpt false "Whether or not to enable a GUI.";
  };

  config = mkIf cfg.enable {
    services = {
      gnome.localsearch.enable = lib.mkForce false;

      flatpak.enable = true;

      pcscd.enable = lib.mkDefault false;

      # Enable CUPS to print documents.
      printing.enable = true;

      pipewire = {
        enable = true;
        alsa.enable = true;
        alsa.support32Bit = true;
        pulse.enable = true;
        # If you want to use JACK applications, uncomment this
        #jack.enable = true;

        # use the example session manager (no others are packaged yet so this is enabled by default,
        # no need to redefine it in your config for now)
        #media-session.enable = true;
      };

      udev.packages = [
        pkgs.libu2f-host
        pkgs.yubikey-personalization
      ];

      xserver = {
        xkb.layout = lib.mkDefault "de+us";
        enable = true;
        displayManager.gdm.enable = true;
        desktopManager.gnome.enable = true;
      };
    };
    #security.pam.p11.control = "sufficient";
    #security.pam.p11.control = "required";
    #security.pam.p11.enable = true;
    #  services.fprintd.enable = true;
    #security.pam.yubico.enable = true;
    #security.pam.yubico.control = "sufficient";
    #security.pam.yubico.mode = "challenge-response";

    #security.tpm2.pkcs11.enable = true;

    hardware.graphics = {
      enable = true;

      extraPackages = with pkgs; [
        vpl-gpu-rt
        intel-compute-runtime
        intel-media-driver # LIBVA_DRIVER_NAME=iHD
        #intel-vaapi-driver # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
        libvdpau-va-gl
        rocmPackages.clr.icd
        amdvlk
      ];
    };

    systemd.tmpfiles.rules =
      let
        rocmEnv = pkgs.symlinkJoin {
          name = "rocm-combined";
          paths = with pkgs.rocmPackages; [
            rocblas
            hipblas
            clr
          ];
        };
      in
      [ "L+    /opt/rocm   -    -    -     -    ${rocmEnv}" ];

    metacfg.home.configFile."mpv/mpv.conf".text = ''
      hwdec=auto-safe
      vo=gpu
      profile=gpu-hq
      gpu-context=wayland
    '';

    security.rtkit.enable = true;

    programs.gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
      enableBrowserSocket = true;
    };

    environment.systemPackages = with pkgs; [
      #pcsctools
      bat
      cardpeek
      ccache
      chromium
      clang
      dive
      file
      firefox
      gh
      gimp
      git
      gnome-browser-connector
      cheese
      gnome-software
      gnomeExtensions.appindicator
      gnomeExtensions.autohide-battery
      gnomeExtensions.dash-to-panel
      gnomeExtensions.hibernate-status-button
      gnomeExtensions.vitals
      gnupg
      go
      jetbrains-toolbox
      jq
      kbfs
      libu2f-host
      mosh
      mosh
      nixpkgs-fmt
      opensc
      pasystray
      pinentry-gnome3
      pkg-config
      pstree
      ripgrep
      rustup
      slack
      spotify
      statix
      thunderbird
      tmux
      vim
      wl-clipboard
      yubikey-manager-qt
      yubikey-personalization
      zellij
    ];

    #----=[ Fonts ]=----#
    fonts = {
      enableDefaultPackages = false;
      packages = with pkgs; [
        noto-fonts-emoji
        liberation_ttf
        freefont_ttf
        (nerdfonts.override {
          fonts = [
            "FiraCode"
            "DroidSansMono"
            "JetBrainsMono"
          ];
        })
      ];

      fontconfig = {
        enable = true;
        defaultFonts = {
          serif = [ "Liberation" ];
          sansSerif = [ "Liberation" ];
          monospace = [ "JetBrainsMono" ];
          emoji = [ "Noto Color Emoji" ];
        };
      };
    };

    # remote desktop
    networking.firewall.allowedTCPPorts = [ 3389 ];
  };
}