{
  config,
  lib,
  pkgs,
  namespace,
  ...
}:
let
  kernel = pkgs.${namespace}.linuxPackages_cachyos-server-lto-znver4;
in
{
  # Configure bootloader with lanzaboot and secureboot
  boot = {
    # Override kernel to latest
    kernelPackages = kernel;
    plymouth.enable = lib.mkForce false;

    initrd = {
      supportedFilesystems = [ "bcachefs" ];
      clevis = {
        enable = false;
        devices = {
          "/dev/disk/by-label/nas_pool".secretFile = "/etc/clevis/nas_pool.jwe";
        };
      };
    };

    # Enable binfmt emulation for ARM
    binfmt.emulatedSystems = [ "aarch64-linux" ]; # --argstr system aarch64-linux
  };

  environment.etc."clevis/nas_pool.jwe".source = config.sops.secrets."jallen-nas/nas_pool".path;
}