{ pkgs, username, ... }: {
  security = {
    rtkit.enable = true;
    polkit = {
      enable = true;
      extraConfig = ''
        polkit.addRule(function(action, subject) {
          if ( subject.isInGroup("users") && (
           action.id == "org.freedesktop.login1.reboot" ||
           action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
           action.id == "org.freedesktop.login1.power-off" ||
           action.id == "org.freedesktop.login1.power-off-multiple-sessions"
          ))
          { return polkit.Result.YES; }
        })
      '';
    };

    pam.services = {
      login.enableGnomeKeyring = true;
      login.enableKwallet = true;
    };

    pam.services.hyprlock = {
      text = ''
        auth sufficient pam_unix.so try_first_pass nullok
        auth required pam_deny.so
      '';
    };

    pam.services.swaylock = {
      text = ''
        auth sufficient pam_unix.so try_first_pass nullok
        auth required pam_deny.so
      '';
    };

    sudo.extraRules = [
      {
        users = [ "${username}" ];
        commands = [
          {
            command = "ALL";
            options = [ "NOPASSWD" ];
          }
        ];
      }
    ];
  };
}