{ pkgs, lib, ... }:
let
  dashboardUrl = "https://night.purduehackers.com";
in
{
  # Create user to host kiosk
  users.users.kiosk = {
    isSystemUser = true;
    group = "kiosk";
  };
  users.groups.kiosk = { };

  # Setup caged kiosk, with kiosk firefox
  # Use a temporary directory for the firefox profile
  # This removes the need for a home directory at all
  # Using a private window removes most effects of a profile anyways
  services.cage = {
    enable = true;
    user = "kiosk";
    program = ''
      ${lib.getExe pkgs.firefox} \
        --profile /tmp/firefox-profile \
        --kiosk \
        --private-window "${dashboardUrl}"
    '';
    extraArguments = [ "-d" ];
  };

  # Create temporary directory for firefox profile
  systemd.tmpfiles.settings."10-kiosk" = {
    "/tmp/firefox-profile".d = {
      user = "kiosk";
      group = "kiosk";
    };
  };

  # Set firefox autoplay policy to always allow autoplay for dashboard
  programs.firefox.policies = {
    Permissions.Autoplay.Allow = [ dashboardUrl ];
  };

  # Enable pipewire/pipewire-pulse for audio
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    pulse.enable = true;
  };
}