{ config, lib, options, ... }:
with lib; let
  cfg = config.local.boot.namespaced;
in
{
  options.local.boot.namespaced = {
    enable = mkEnableOption "system containerization";
  };

  config = mkIf cfg.enable {
    boot.isContainer = true;

    local.boot = mkMerge ([
      {
        loader = mkForce "none";

        efi.enable = mkForce false;
        firmware.mode = mkForce "none";
        secureBoot.enable = mkForce false;
        impermanence.enable = mkForce false;
      }
    ] ++ map
      (name: {
        stack.${name}.enable = mkForce false;
      })
      (attrNames options.local.boot.stack));
  };
}