diff --git a/flake.nix b/flake.nix
index e02af16b..7754db3c 100644
--- a/flake.nix
+++ b/flake.nix
@@ -64,6 +64,8 @@
 
         channelsConfig = { allowUnfree = true; };
 
+        supportedSystems = [ "x86_64-linux" "aarch64-linux" ];
+
         channels = {
           nixos = {
             imports = [ (digga.lib.importOverlays ./overlays) ];
@@ -149,6 +151,9 @@
 
         deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations {
           fae = {
+            hostname = "fae.fritz.box:22";
+            sshUser = "pub-solar";
+            fastConnect = true;
             profilesOrder = [ "system" "direnv" ];
             profiles.direnv = {
               user = "pub-solar";
diff --git a/hosts/fae.nix b/hosts/fae.nix
index 45aab903..fac810d0 100644
--- a/hosts/fae.nix
+++ b/hosts/fae.nix
@@ -9,7 +9,9 @@
       }
     }/raspberry-pi/4"
     profiles.users.root # make sure to configure ssh keys
-    profiles.users.nixos
+    profiles.users.pub-solar
+    profiles.base-user
+    profiles.pub-solar-iso
   ];
 
   config = {
@@ -23,37 +25,61 @@
       };
     };
 
-    networking = {
-      hostName = "fae";
-    };
-
-    environment.systemPackages = with pkgs; [ vim ];
+    environment.systemPackages = with pkgs; [
+      (kodi-gbm.withPackages (p: with p; [ jellyfin netflix youtube ]))
+    ];
 
     services.openssh.enable = true;
 
-    #users = {
-    #  mutableUsers = false;
-    #  users."${user}" = {
-    #    isNormalUser = true;
-    #    password = password;
-    #    extraGroups = [ "wheel" ];
-    #  };
-    #};
+    networking.firewall = {
+      allowedTCPPorts = [ 8080 ];
+      allowedUDPPorts = [ 8080 ];
+    };
 
     security.sudo.extraConfig = lib.mkAfter ''
       %wheel    ALL=(ALL) NOPASSWD:ALL
     '';
 
+    nix = {
+      autoOptimiseStore = true;
+
+      gc.automatic = true;
+
+      optimise.automatic = true;
+
+      useSandbox = true;
+
+      allowedUsers = [ "@wheel" ];
+
+      trustedUsers = [ "root" "@wheel" ];
+
+      extraOptions = ''
+        min-free = 536870912
+        keep-outputs = true
+        keep-derivations = true
+        fallback = true
+      '';
+    };
 
     # Enable GPU acceleration
     hardware.raspberry-pi."4".fkms-3d.enable = true;
 
-    #services.xserver = {
-    #  enable = true;
-    #  displayManager.lightdm.enable = true;
-    #  desktopManager.xfce.enable = true;
-    #};
+    # Define a user account for kodi
+    users.extraUsers.kodi.isNormalUser = true;
+
+    services.xserver = {
+      enable = true;
+      desktopManager.kodi.enable = true;
+      desktopManager.kodi.package = pkgs.kodi-gbm;
+      displayManager = {
+        autoLogin.enable = true;
+        autoLogin.user = "kodi";
+      };
+    };
 
     hardware.pulseaudio.enable = true;
+
+    # custom raspi boot loader is already present
+    boot.loader.systemd-boot.enable = lib.mkForce false;
   };
 }