# UEFI boot-loader selection: lanzaboote (Secure Boot, signed boot artifacts)
# when `secureboot` is set, plain systemd-boot otherwise.
#
# Arguments:
#   pov    - attribute path (list of names) at which this module's settings
#            live inside `config`.
#   config - the evaluated system configuration.
#   lib    - nixpkgs lib.
#   pkgs   - package set; only `sbctl` is taken from it.
{ pov, config, lib, pkgs, ... }:
let
  # Settings subtree for this module; `enable`, `type`, `secureboot` and
  # `configurationLimit` are read from it below.
  settings = lib.getAttrFromPath pov config;

  # Nothing in this file applies unless the boot module is enabled for UEFI.
  uefiSelected = settings.enable && (settings.type == "uefi");

  # Secure Boot path: lanzaboote installs and signs the boot artifacts.
  securebootConfig = {
    # sbctl is the tool used to create, enroll and inspect the Secure Boot keys.
    environment.systemPackages = [ pkgs.sbctl ];

    # Keep the key directory across reboots on an impermanent root; losing it
    # would leave lanzaboote without keys to sign new generations.
    # NOTE(review): this directory holds the Secure Boot *private* keys. Anyone
    # who can read them can sign binaries the firmware will accept, so the
    # persistent backing store should be encrypted at rest and the directory
    # readable by root only - confirm how the impermanence module stores it.
    modules.filesystem.impermanence.system.dirs = [ "/var/lib/sbctl" ];

    boot.lanzaboote = {
      enable = true;
      # Directory lanzaboote reads its signing keys from; must match the
      # persisted path above.
      pkiBundle = "/var/lib/sbctl";
      # Each retained generation remains a signed, bootable entry, so this
      # limit also bounds how old a kernel can still be selected at boot.
      configurationLimit = settings.configurationLimit;
    };

    # lanzaboote takes over boot-loader installation; mkForce makes this win
    # over any other definition that turns systemd-boot on.
    boot.loader.systemd-boot.enable = lib.mkForce false;

    # NOTE(review): nothing visible here creates or enrolls keys or switches
    # the firmware into Secure Boot mode - that appears to be a manual step;
    # verify on the host (e.g. with `sbctl status`) after deployment.
  };

  # Fallback path: unsigned systemd-boot, no Secure Boot verification.
  plainConfig = {
    boot.loader.systemd-boot = {
      enable = true;
      configurationLimit = settings.configurationLimit;
    };
  };
in
{
  # Boolean toggle, off by default.
  # NOTE(review): the option name is assigned by whatever imports this file -
  # presumably the `secureboot` switch; confirm against the caller.
  option = {
    type = lib.types.bool;
    default = false;
  };

  # The two branches are mutually exclusive on `settings.secureboot`.
  config = lib.mkIf uefiSelected (
    lib.mkMerge [
      (lib.mkIf settings.secureboot securebootConfig)
      (lib.mkIf (!settings.secureboot) plainConfig)
    ]
  );
}