# NixOS module: turn on systemd's RestrictSUIDSGID= for every service by
# default, with an explicit exemption for the suid-sgid-wrappers unit.
#
# RestrictSUIDSGID=true makes systemd deny a unit's attempts to set the
# set-user-ID / set-group-ID bits on files and directories.
#
# NOTE(review): both halves of this module are gated on
# `config.specialisation != { }`, so on a system that defines no
# specialisations nothing here takes effect. Confirm that gating is intended
# before relying on this module as a baseline hardening measure.
{ lib, config, ... }:
let
  # True when at least one specialisation is declared in the system config.
  hasSpecialisations = config.specialisation != { };

  # Merged into every entry of systemd.services.
  hardenedUnit = {
    config.serviceConfig = lib.mkIf hasSpecialisations {
      # mkDefault: a unit that sets RestrictSUIDSGID itself at normal priority
      # overrides this, so any opt-out is visible at that unit's definition.
      RestrictSUIDSGID = lib.mkDefault true;
    };
  };
in
{
  # Re-declaring the option lets the module system merge the submodule above
  # into each service definition.
  options.systemd.services = lib.mkOption {
    type = lib.types.attrsOf (lib.types.submodule hardenedUnit);
  };

  config = lib.mkIf hasSpecialisations {
    # Opt-out at normal priority, which wins over the mkDefault above.
    # Presumably needed because this unit has to create setuid/setgid
    # wrapper files -- verify against the unit's definition.
    systemd.services.suid-sgid-wrappers.serviceConfig.RestrictSUIDSGID = false;
  };
}