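# NixOS module: boot configuration under `common.configure.boot`.
#
# Provides a UEFI systemd-boot setup with a systemd-based initrd, an optional
# Plymouth splash screen, and optional Secure Boot signing through lanzaboote
# (pinned via npins).
{
  npins,
  lib,
  config,
  pkgs,
  ...
}:
let
  inherit (lib) types;
  cfg = config.common.configure.boot;
  lanzaboote = import npins.lanzaboote { inherit pkgs; };
in
{
  options.common.configure.boot = {
    enable = lib.mkEnableOption "basic systemd-boot config";
    secureboot = lib.mkEnableOption "secureboot support via lanzaboote";

    configurationLimit = lib.mkOption {
      # NOTE(review): `types.number` also admits floats, while the bootloader
      # options this value is inherited into are expected to be integer-typed.
      # Consider tightening to `types.int` once callers are confirmed.
      type = types.number;
      default = 10;
      description = "Maximum number of generations offered in the boot menu.";
    };

    plymouth = {
      enable = lib.mkEnableOption "graphical bootscreen";
      theme = lib.mkOption {
        type = types.str;
        default = "bgrt";
        description = "Plymouth theme to use when the boot screen is enabled.";
      };
    };
  };

  # `imports` is resolved before `config` is available, so it cannot be gated
  # on `cfg.enable`; the lanzaboote module is therefore always imported. That
  # only declares the `boot.lanzaboote` options. They are switched on solely by
  # the `secureboot` branch below.
  imports = [ lanzaboote.nixosModules.lanzaboote ];

  config = lib.mkMerge [
    {
      # Everything below is gated on `cfg.enable`, so `secureboot = true` on its
      # own is silently a no-op. Surface that at evaluation time instead of
      # leaving a host that looks configured for Secure Boot but is not.
      warnings = lib.optional (cfg.secureboot && !cfg.enable) "common.configure.boot.secureboot is set but common.configure.boot.enable is not; lanzaboote will not be configured and boot artifacts will not be signed.";
    }

    (lib.mkIf cfg.enable (
      lib.mkMerge [
        # Baseline: systemd in the initrd, systemd-boot on a UEFI system.
        {
          boot.initrd.systemd.enable = true;
          boot.loader = {
            grub.enable = false;
            systemd-boot = {
              # mkDefault so the Secure Boot branch (or a host) can override it.
              enable = lib.mkDefault true;
              inherit (cfg) configurationLimit;
            };
            efi = {
              # Allows the bootloader installer to write EFI boot entries.
              canTouchEfiVariables = true;
              efiSysMountPoint = "/boot";
            };
          };
        }

        # Optional quiet, graphical boot.
        (lib.mkIf cfg.plymouth.enable {
          boot = {
            # These three settings suppress console output during boot; when
            # diagnosing a boot problem, disable this branch to see messages.
            consoleLogLevel = 0;
            initrd.verbose = false;
            kernelParams = [
              "quiet"
              "udev.log_level=3"
            ];
            plymouth = {
              enable = true;
              # The option is declared as `cfg.plymouth.theme`; inheriting
              # `theme` from `cfg` itself refers to a missing attribute and
              # fails evaluation as soon as Plymouth is enabled.
              inherit (cfg.plymouth) theme;
            };
          };
        })

        # Optional Secure Boot: lanzaboote signs the boot artifacts with the
        # sbctl-managed keys found in `pkiBundle`.
        #
        # This branch only configures signing. Creating the keys, enrolling
        # them in the firmware and turning Secure Boot on in the firmware setup
        # are separate steps; confirm the result with `sbctl status` and
        # `bootctl status` after a rebuild.
        (lib.mkIf cfg.secureboot {
          environment.systemPackages = with pkgs; [ sbctl ];

          # /var/lib/sbctl holds the Secure Boot keys, including the private
          # signing keys. NOTE(review): `common.configure.persist` is defined
          # elsewhere; verify that the storage backing it is encrypted and that
          # the directory stays readable by root only, since anyone who can
          # read these keys can sign binaries this machine will trust.
          common.configure.persist.system.dirs = [ "/var/lib/sbctl" ];

          boot = {
            # lanzaboote takes over installation of the bootloader, so the
            # stock systemd-boot module must be off; mkForce beats the
            # mkDefault set in the baseline above.
            loader.systemd-boot.enable = lib.mkForce false;
            lanzaboote = {
              enable = true;
              pkiBundle = "/var/lib/sbctl";
              inherit (cfg) configurationLimit;
            };
          };
        })
      ]
    ))
  ];
}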