nix-config/hosts/desktop/boot.nix

{ lib, pkgs, ... }:
let
  configLimit = 5;
  default = "@saved";
  kernel = pkgs.linuxPackages_latest;
in
{
  # Configure bootloader with lanzaboot and secureboot
  boot = {
    kernelModules = [ "nct6775" ];
    loader = {
      systemd-boot = {
        enable = lib.mkForce false;
        extraEntries = { 
          "Windows.conf" = ''
            title Windows 11
            efi /shellx64.efi
            options -nointerrupt -nomap -noversion b18bfb02-872a-4a24-ada1-afe1e51474f4:EFI\Microsoft\Boot\bootmgfw.efi
          '';
          };
          memtest86.enable = lib.mkForce true;
      };

      efi = {
        canTouchEfiVariables = true;
        efiSysMountPoint = "/boot";
      };
    };

    lanzaboote = {
      enable = true;
      pkiBundle = "/etc/secureboot";
      settings = {
        default = default;
        console-mode = "max";
      };
      configurationLimit = configLimit;
    };

    kernelPackages = kernel;

    kernelParams = [
      "quiet"
      # needed cause ssd powersaving is broken af I guess
      "nvme_core.default_ps_max_latency_us=0"
      "pcie_aspm=off"
    ];

    consoleLogLevel = 3;
    bootspec.enable = true;
  };

  environment.systemPackages = with pkgs; [ 
    edk2-uefi-shell
   ];
}