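# Bootloader selection for a host.
#
# `n.host.bootloader` picks one of the branches below:
#   "lanzaboote" - UEFI Secure Boot through lanzaboote, keys handled with sbctl
#   "grub"       - GRUB; this module configures no Secure Boot signing for it
#   "sysdboot"   - systemd-boot; this module configures no Secure Boot signing for it
{ lib, pkgs, config, inputs, ... }:
with lib;
let
  cfg = config.n.host.bootloader;
in
{
  options.n.host.bootloader = mkOption {
    # NOTE(review): this is a free-form string, so a misspelled value matches
    # none of the mkIf branches below and this module then configures no
    # bootloader at all. If no other module relies on extra values, consider
    # `types.enum [ "lanzaboote" "grub" "sysdboot" ]` so a typo fails at
    # evaluation time instead.
    type = types.str;
    description = ''
      Bootloader used by this host. Values handled by this module:
      "lanzaboote", "grub", "sysdboot".
    '';
  };

  # The lanzaboote module is imported unconditionally; it only takes effect
  # when `boot.lanzaboote.enable` is set in the branch below.
  imports = [ inputs.lanzaboote.nixosModules.lanzaboote ];

  config = mkMerge [
    (mkIf (cfg == "lanzaboote") {
      # sbctl creates and enrolls the Secure Boot keys and can verify that
      # the files on the ESP are signed.
      environment.systemPackages = [ pkgs.sbctl ];

      boot = {
        loader = {
          # lanzaboote installs the boot entries itself, so the stock
          # loaders are forced off.
          systemd-boot.enable = lib.mkForce false;
          grub.enable = lib.mkForce false;
          efi.canTouchEfiVariables = true;
        };

        # lanzaboote builds its boot entries from bootspec documents.
        bootspec.enable = true;

        lanzaboote = {
          enable = true;
          # Holds the Secure Boot signing keys (private keys included).
          # Anyone who can read this directory can sign boot artifacts that
          # the firmware will trust, so it must stay readable by root only
          # and must never be copied into the world-readable Nix store.
          pkiBundle = "/var/lib/sbctl";
        };
      };

      # NOTE(review): `imp.dirs` is declared elsewhere in this repo;
      # presumably it keeps the directory across reboots - confirm. If the
      # key directory is lost, later generations can no longer be signed
      # with the enrolled keys.
      imp.dirs = [
        {
          directory = "/var/lib/sbctl";
          # Owner-only access. This was "0400", which drops the search (x)
          # bit a directory needs in order to be entered; "0700" keeps
          # group and other locked out of the signing keys just the same.
          mode = "0700";
        }
      ];
    })

    (mkIf (cfg == "grub") {
      boot.loader.grub = {
        enable = true;
        # BIOS-style default; hosts that boot through UEFI are expected to
        # override this (it is only an mkDefault).
        efiSupport = lib.mkDefault false;
        # efiInstallAsRemovable installs GRUB to the removable-media
        # fallback path on the ESP instead of registering an entry in the
        # EFI variables. It is meant for firmware that does not keep boot
        # entries and is not meant to be combined with
        # `boot.loader.efi.canTouchEfiVariables = true`.
        # efiInstallAsRemovable = true;
        # "nodev": write the GRUB configuration without installing GRUB to
        # a disk's boot sector.
        device = "nodev";
      };
      boot.loader.systemd-boot.enable = lib.mkForce false;
    })

    (mkIf (cfg == "sysdboot") {
      boot.loader.systemd-boot.enable = true;
    })
  ];
}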