{ pkgs, ... }:
let
  configLimit = 20;
  kernel = pkgs.linuxPackages_latest;
in
{
  # Configure bootloader with lanzaboot and secureboot
  boot = {
    kernelModules = [ "nct6775" ];
    loader = {
      systemd-boot = {
        enable = true;
        configurationLimit = configLimit;
      };

      efi = {
        canTouchEfiVariables = true;
        efiSysMountPoint = "/boot";
      };
    };

    lanzaboote = {
      enable = false;
      pkiBundle = "/etc/secureboot";
      settings = {
        console-mode = "max";
      };
      configurationLimit = configLimit;
    };

    # Override kernel to latest
    kernelPackages = kernel;

    kernelParams = [
      "nohibernate"
    ];

    consoleLogLevel = 3;
    bootspec.enable = true;

    initrd = {
      kernelModules = [
        # "tpm"
        # "tpm_tis"
        # "tpm_crb"
        # "tpm_infineon"
      ];
      systemd = {
        enable = true;
        tpm2.enable = true;
      };
    };
  };

  zramSwap = {
    enable = true;
  };
}