nix-config/users/guest/default.nix

{
  config,
  pkgs,
  lib,
  ...
}:
let
  inherit (lib)
    optional
    ;
  name = "guest";
  hostFile = ./. + "/${config.networking.hostName}.nix";
in
{
  users.users.${name} = {
    description = "Guest";
    extraGroups = [
      "audio"
      "input"
      "render"
      "video"
    ];
    group = "users";
    isNormalUser = true;
    password = "";
    shell = pkgs.zsh;
  };

  home-manager.users.${name} = {
    imports = [
      ./common/optional/graphical/jellyfin.nix
      ./common/optional/graphical/steam.nix
      {
        home.persistence."/state" = {
          directories = [
            ".local/state/wireplumber"
          ];
        };
        home.persistence."/persist" = {
          directories = [
            ".local/share/icons"
          ];
        };
      }
    ]
    ++ optional (builtins.pathExists hostFile) hostFile;

    home = {
      packages = with pkgs; [
        adwaita-fonts
      ];
      username = name;
      sessionVariables = {
        ZDOTDIR = "~/.config/zsh";
      };
      pointerCursor = {
        enable = true;
        size = 64;
        name = "macOS";
        package = pkgs.apple-cursor;
        gtk.enable = true;
        x11.enable = true;
      };
    };

    fonts.fontconfig.enable = true;

    programs.firefox = {
      enable = true;
      profiles.Default = {
        search = {
          default = "ddg";
          privateDefault = "ddg";
          force = true;
        };
        settings = {
          "layout.css.devPixelsPerPx" = 1.5;
        };
      };
    };

    programs.zsh = {
      enable = true;
      enableCompletion = true;
    };

    xdg.enable = true;
  };

  services.displayManager = {
    enable = true;
    sessionPackages =
      let
        firefoxDesktopFile = pkgs.writeTextFile {
          name = "firefox-desktop-entry";
          destination = "/share/wayland-sessions/firefox.desktop";
          text = ''
            [Desktop Entry]
            Name=Firefox
            Comment=Desktop session for web browsing
            Exec=${pkgs.gamescope}/bin/gamescope --rt --backend drm --expose-wayland -W 3840 -H 2160 -- MOZ_ENABLE_WAYLAND=1 ${pkgs.firefox}/bin/firefox https://www.youtube.com/
            Type=Application
          '';
        };

        jellyfinDesktopFile = pkgs.writeTextFile {
          name = "jellyfin-desktop-entry";
          destination = "/share/wayland-sessions/jellyfin.desktop";
          text = ''
            [Desktop Entry]
            Name=Jellyfin
            Comment=Desktop session for music, movies, and TV
            Exec=${pkgs.gamescope}/bin/gamescope --rt --backend drm -W 3840 -H 2160 -- ${pkgs.jellyfin-media-player}/bin/jellyfinmediaplayer --scale-factor 2 --tv --fullscreen
            Type=Application
          '';
        };

        steamDesktopFile = pkgs.writeTextFile {
          name = "steam-desktop-entry";
          destination = "/share/wayland-sessions/steam.desktop";
          text = ''
            [Desktop Entry]
            Name=Steam
            Comment=Desktop session for gaming
            Exec=${pkgs.gamescope}/bin/gamescope --rt --backend drm --steam -- ${pkgs.steam}/bin/steam -pipewire-dmabuf -tenfoot
            Type=Application
          '';
        };

        firefoxSession = pkgs.symlinkJoin {
          name = "firefox-session";
          paths = [ firefoxDesktopFile ];
          passthru.providedSessions = [ "firefox" ];
        };

        jellyfinSession = pkgs.symlinkJoin {
          name = "jellyfin-session";
          paths = [ jellyfinDesktopFile ];
          passthru.providedSessions = [ "jellyfin" ];
        };

        steamSession = pkgs.symlinkJoin {
          name = "steam-session";
          paths = [ steamDesktopFile ];
          passthru.providedSessions = [ "steam" ];
        };
      in
      [
        firefoxSession
        jellyfinSession
        steamSession
      ];
  };

  services.greetd =
    let
      desktops = config.services.displayManager.sessionData.desktops;
    in
    {
      enable = true;
      settings = {
        default_session = {
          command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --sessions ${desktops}/share/xsessions:${desktops}/share/wayland-sessions";
        };
      };
    };

  # security.pam.services = {
  #   greetd.text = ''
  #     auth      requisite     pam_nologin.so
  #     auth      sufficient    pam_succeed_if.so user = ${name} quiet_success
  #     auth      required      pam_unix.so
  #
  #     account   sufficient    pam_unix.so
  #
  #     password  required      pam_deny.so
  #
  #     session   optional      pam_keyinit.so revoke
  #     session   include       login
  #   '';
  # };

  # Workaround: https://github.com/nix-community/home-manager/issues/7166
  systemd.services."home-manager-${name}".serviceConfig = {
    RemainAfterExit = "yes";
  };
}