{
  config,
  lib,
  namespace,
  ...
}:
with lib;
let
  # inherit (lib.${namespace}) mkOpt;
  cfg = config.${namespace}.security.tpm;
in
{
  options.${namespace}.security.tpm = {
    enable = mkEnableOption "enable tpm";
  };

  config = mkIf cfg.enable {

    security.tpm2 = {
      enable = lib.mkDefault true;
    };

    boot = {
      initrd = {
        kernelModules = [
          "tpm"
          "tpm_tis"
          "tpm_crb"
          "tpm_infineon"
        ];
        systemd = {
          enable = lib.mkDefault true;
          tpm2.enable = lib.mkDefault true;
        };
      };
    };
  };
}