{ inputs, config, pkgs, lib, ... } @ args:

let
  headlessProfile = import "${inputs.nixpkgs-unstable}/nixos/modules/profiles/headless.nix" args;
  hardenedProfile = import "${inputs.nixpkgs-unstable}/nixos/modules/profiles/hardened.nix" args;

  cfg = config.local.system;
in
{
  options.local.system = with lib; {
    kernel = mkOption {
      type = types.enum [ "hardened" "stable" "latest" ];
      default = "latest";
    };
    headless = mkEnableOption "headless profile";
  };

  config = lib.mkMerge [
    {
      boot.tmp.cleanOnBoot = true;
    }

    (lib.mkIf cfg.headless (
      headlessProfile // {
        zramSwap.enable = true;
      }
    ))

    (lib.mkIf (cfg.kernel == "hardened") (
      hardenedProfile // {
        boot.kernelPackages = pkgs.unstable.linuxPackages_6_6_hardened;
        # Fix for GLIBC errors due to 'scudo' from hardened profile.
        # https://github.com/NixOS/nix/issues/6563
        environment.memoryAllocator.provider = "libc";
      }
    ))
    (lib.mkIf (cfg.headless && cfg.kernel == "hardened") {
      # Disabled by hardened profile, big performance hit.
      security.allowSimultaneousMultithreading = true;
    })

    (lib.mkIf (cfg.kernel == "stable") {
      boot.kernelPackages = pkgs.unstable.linuxPackages_6_12;
    })

    (lib.mkIf (cfg.kernel == "latest") {
      boot.kernelPackages = pkgs.unstable.linuxPackages_latest;
    })

  ];
}