{
  config,
  lib,
  outputs,
  pkgs,
  ...
}:
{
  # Configure bootloader with lanzaboot and secureboot
  boot = {
    loader = {
      systemd-boot = {
        enable = false;
        configurationLimit = 2;
      };

      efi = {
        canTouchEfiVariables = true;
        efiSysMountPoint = "/boot";
      };
    };

    lanzaboote = {
      enable = true;
      pkiBundle = "/etc/secureboot";
      settings = {
        default = "@saved";
        console-mode = "max";
      };
      configurationLimit = 5;
    };

    # Override kernel to latest
    kernelPackages = pkgs.linuxPackages_latest;

    kernelParams = [
      "quiet"
      # needed cause ssd powersaving is broken af I guess
      "nvme_core.default_ps_max_latency_us=0"
      "pcie_aspm=off"
    ];

    consoleLogLevel = 3;
    bootspec.enable = true;
  };
}