{ lib, pkgs, ... }:
let
  configLimit = 5;
  default = "@saved";
  kernel = pkgs.linuxPackages_cachyos;
in
{
  # Configure bootloader with lanzaboot and secureboot
  boot = {
    kernelModules = [ "nct6775" ];
    loader = {
      efi = {
        canTouchEfiVariables = true;
        efiSysMountPoint = "/boot";
      };
    };

    initrd = {
      verbose = false;
      systemd.enable = true;
    };

    plymouth = {
      enable = true;
    };

    lanzaboote = {
      enable = true;
      pkiBundle = "/etc/secureboot";
      settings = {
#        default = default;
        console-mode = "max";
      };
      configurationLimit = configLimit;
    };

    kernelPackages = kernel;

    kernelParams = [
      "quiet"
      # needed cause ssd powersaving is broken af I guess
      "nvme_core.default_ps_max_latency_us=0"
      "pcie_aspm=off"
    ];

    consoleLogLevel = 3;
    bootspec.enable = true;
  };

  environment.systemPackages = with pkgs; [ 
    edk2-uefi-shell
   ];
}