{
  pkgs,
  lib,
  ...
}: {
  boot = {
    initrd = {
      #compressor = "lz4";
      #compressorArgs = ["-9"];
      kernelModules = ["nvme" "btrfs"];
    };

    kernelPackages = pkgs.linuxPackages_latest;

    lanzaboote = {
      enable = true;
      pkiBundle = "/etc/secureboot";
    };

    loader = {
      # Lanzaboote currently replaces the systemd-boot module.
      # This setting is usually set to true in configuration.nix
      # generated at installation time. So we force it to false
      # for now.
      systemd-boot.enable = lib.mkForce false;

      grub = {
        enable = false;
        # theme = pkgs.nixos-grub2-theme;
        splashImage = ./boot_pictures/gnu.png;
        efiSupport = true;
        device = "nodev"; # only for efi
      };

      efi = {
        canTouchEfiVariables = true;
        efiSysMountPoint = "/boot";
      };
    };
  };
}