{
  config,
  lib,
  namespace,
  ...
}:
with lib;
let
  cfg = config.${namespace}.bootloader.lanzaboote;
in
{
  imports = [ ./options.nix ];
  config = mkIf cfg.enable {
    boot.lanzaboote = {
      enable = cfg.enable;
      pkiBundle = "/etc/secureboot";
      settings = {
        console-mode = "max";
      };
      configurationLimit = cfg.configLimit;
    };
  };
}