# NixOS module: firmware and CPU microcode policy, exposed as `local.boot.firmware`.
#
#   mode = "none"            -> nothing in the `config` section below is applied.
#   mode = "redistributable" -> redistributable firmware, microcode updates for the
#                               selected CPU vendor, fwupd enabled.
#   mode = "all"             -> as "redistributable", plus hardware.enableAllFirmware.
#
# Microcode and device firmware updates are a common delivery path for vendor
# security fixes. With mode = "none" this module sets none of them, so such a host
# only gets them if another module enables them.
{ config, lib, pkgs, ... }:
let
  # Only these three names from `lib` are used in this module.
  inherit (lib) mkIf mkOption types;

  cfg = config.local.boot.firmware;

  # True for every mode except "none".
  firmwareWanted = cfg.mode != "none";

  # Compares the configured CPU vendor against `vendor`.
  vendorIs = vendor: cfg.cpuVendor == vendor;
in
{
  options.local.boot.firmware = {
    # Which firmware set to install. No default is declared here, so the
    # importing configuration has to choose one explicitly.
    mode = mkOption {
      type = types.enum [ "none" "redistributable" "all" ];
    };

    # CPU vendor whose microcode updates should be enabled. No default is
    # declared here either.
    cpuVendor = mkOption {
      type = types.enum [ "amd" "intel" ];
    };
  };

  config = mkIf firmwareWanted {
    # Exactly one of the two vendor switches ends up true, because cpuVendor is
    # restricted to "amd" or "intel".
    hardware.cpu.amd.updateMicrocode = vendorIs "amd";
    hardware.cpu.intel.updateMicrocode = vendorIs "intel";

    # Always on once mode != "none".
    hardware.enableRedistributableFirmware = true;

    # NOTE(review): enableAllFirmware includes non-redistributable blobs; upstream
    # NixOS is expected to require nixpkgs.config.allowUnfree for it -- confirm
    # before selecting mode = "all".
    hardware.enableAllFirmware = cfg.mode == "all";

    services.fwupd.enable = true;

    # Persist fwupd's state directory through the project's impermanence option
    # (declared elsewhere; its exact semantics are not visible in this file).
    # NOTE(review): the mode makes the directory readable and traversable by all
    # users (o=rx) and owned by fwupd-refresh -- confirm this matches what the
    # fwupd daemon and its refresh job expect.
    local.boot.impermanence.directories = [
      {
        directory = "/var/lib/fwupd";
        user = "fwupd-refresh";
        group = "fwupd-refresh";
        mode = "u=rwx,g=rx,o=rx";
      }
    ];
  };
}