{ lib, config, pkgs, ...}: { # Bootloader boot.loader.efi.canTouchEfiVariables = true; boot.tmp.cleanOnBoot = true; # Plymouth splash screen boot.plymouth.enable = true; boot.initrd.systemd.enable = true; boot.kernelParams = ["quiet"]; # SecureBoot boot.loader.systemd-boot.enable = lib.mkForce false; boot.lanzaboote.enable = true; boot.lanzaboote.pkiBundle = "/etc/secureboot"; }