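# NixOS module: applies a fixed list of Kubernetes manifests to the cluster
# through a oneshot systemd unit (`kube-bootstrap`).
#
# Options (under `me.bootstrap`):
#   enable    - turn the bootstrap unit on.
#   manifests - manifest file paths handed to `kubectl apply -f`.
#
# The unit is only defined when `enable` is true AND `manifests` is non-empty.
#
# Security notes for maintainers:
#   * Manifests referenced as Nix paths (e.g. "${./files/x.yaml}") are copied
#     into the Nix store, which is world-readable on the host. Do not put
#     Secret objects or other credentials in them.
#   * The apply uses `--server-side --force-conflicts`, so on conflict this
#     unit takes field ownership from other managers; changes made to those
#     fields by hand or by another controller are overwritten the next time
#     the unit runs.
#   * NOTE(review): the kubeconfig is named as the kubelet's. Whatever RBAC
#     that identity holds is what the apply runs with; confirm it is meant to
#     be able to create the objects listed here, and that granting it that
#     ability does not hand the same power to anything that can read the key
#     on this node.
{ config, lib, pkgs, ... }:

let
  cfg = config.me.bootstrap;
in
{
  imports = [ ];

  options.me = {
    bootstrap.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      example = true;
      description = "Whether we want to install bootstrap.";
    };

    bootstrap.manifests = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      default = [ ];
      # The antiquotation is escaped (''${...}) and quoted so the rendered
      # example is the literal Nix text a user would write, and is a string
      # as the option type requires. Unescaped, the path would be evaluated
      # when the option docs are built and shown as a bare store path.
      example = lib.literalExpression ''[ "''${./files/clusterrole.yaml}" ]'';
      description = "List of kubernetes manifests to load into the cluster.";
    };
  };

  config = lib.mkIf (cfg.enable && cfg.manifests != [ ]) {
    systemd.services.kube-bootstrap = {
      enable = true;
      description = "Load initial kubernetes manifests into the cluster";
      # Ordering only: `after` does not pull kubernetes.target in, and it does
      # not guarantee the API server is already answering requests.
      after = [ "kubernetes.target" ];
      wantedBy = [ "multi-user.target" ];
      path = [ pkgs.kubectl ];
      unitConfig.DefaultDependencies = "no";
      serviceConfig = {
        Type = "oneshot";
      };
      script =
        let
          # One `-f <path>` per manifest, each path shell-escaped.
          # kubectl's -f is a slice flag that splits its value on commas, so
          # joining all paths into a single comma-separated argument would
          # mis-split any path that itself contains a comma.
          manifestArgs = lib.concatMapStringsSep " " (
            manifest: "-f ${lib.escapeShellArg manifest}"
          ) cfg.manifests;
        in
        ''
          set -o pipefail
          IFS=$'\n\t'
          kubectl --kubeconfig=/.persist/keys/kube/kubelet.kubeconfig apply --server-side --force-conflicts ${manifestArgs}
        '';
    };
  };
}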