# NixOS module: UEFI Secure Boot via lanzaboote, plus general boot settings.
# The lanzaboote option set (boot.lanzaboote.*) is not declared in this file;
# presumably the lanzaboote NixOS module is imported elsewhere (flake or
# ./bootloader.nix) — confirm, otherwise evaluation fails on unknown options.
{ lib, config, pkgs, ... }:
{
  imports = [ ./bootloader.nix ];

  boot = {
    # --- Secure Boot ---
    # systemd-boot is forced off so that lanzaboote is the only boot loader
    # installer enabled here; mkForce overrides any `true` set by another
    # module such as a generated hardware/installer configuration.
    loader.systemd-boot.enable = lib.mkForce false;

    lanzaboote = {
      enable = true;
      # Directory with the Secure Boot PKI bundle (signing keys/certificates).
      # It is given as a string, not a Nix path literal, so the key material is
      # referenced in place rather than copied into the world-readable store.
      # Keep this directory owned by root and not readable by other users:
      # anyone who can read the private keys can sign boot images the firmware
      # will accept.
      # NOTE(review): "/etc/secureboot" is the location used by older sbctl
      # releases; newer ones default to /var/lib/sbctl — verify that this path
      # matches where the keys actually live on the machine.
      pkiBundle = "/etc/secureboot";
    };

    # --- Bootloader ---
    # Lets the boot loader installation modify EFI variables (boot entries).
    loader.efi.canTouchEfiVariables = true;

    # Empty /tmp on every boot so stale temporary files do not persist.
    tmp.cleanOnBoot = true;

    # Use the systemd-based initrd.
    initrd.systemd.enable = true;
  };

  # NOTE(review): signing boot artifacts does not by itself enforce Secure
  # Boot. Enforcement depends on the firmware having the matching keys enrolled
  # and Secure Boot switched on; check the state on the target host.
}