{
  inputs,
  lib,
  pkgs,
  ...
}:

{
  imports = [
    inputs.lanzaboote.nixosModules.lanzaboote
  ];

  environment.systemPackages = with pkgs; [
    sbctl
  ];

  boot.bootspec.enable = true;

  boot.initrd = {
    availableKernelModules = [
      "xhci_pci"
      "thunderbolt"
      "nvme"
      "ahci"
      "usbhid"
      "sd_mod"
    ];
    kernelModules = [ ];
    systemd.enable = true;
  };

  boot.extraModulePackages = [ ];

  boot.kernelModules = [ "kvm-intel" ];

  boot.lanzaboote = {
    enable = true;
    pkiBundle = "/var/lib/sbctl";
  };

  boot.loader.efi = {
    canTouchEfiVariables = true;
    efiSysMountPoint = "efi";
  };

  boot.loader.systemd-boot = {
    enable = lib.mkForce false;
    xbootldrMountPoint = "/boot";
  };
}