{ pkgs
, lib
, config
, ... }: with lib; let
  cfg = config.global.kernel;
in {
  options.global.kernel = {
    enable = mkEnableOption "kernel version and configuration" // { default = true; };
    lts = mkEnableOption "longterm kernel releases";
    sysctl = {
      enable = mkEnableOption "sysctl presets" // { default = true; };
      harden = mkEnableOption "hardening sysctls" // { default = true; };
      swappiness = mkOption {
        type = with types; int;
        default = 0;
        description = "vm.swappiness value, should be zero for low memory SSD systems";
      };
    };
  };

  config = mkIf cfg.enable {
    boot.kernel.sysctl = {
      "kernel.dmesg_restrict" = mkIf cfg.sysctl.harden 1;
      "vm.swappiness" = cfg.sysctl.swappiness;
    };
    boot.kernelPackages = with pkgs; mkOverride 1001 (if cfg.lts then linuxPackages else linuxPackages_latest);
  };
}