{pkgs, ...}: {
  boot = {
    initrd = {
      #compressor = "lz4";
      #compressorArgs = ["-9"];
      kernelModules = ["nvme" "btrfs"];
    };

    kernelPackages = pkgs.linuxPackages_latest;

    lanzaboote = {
      enable = true;
      pkiBundle = "/etc/secureboot";

      settings = {
      };
    };

    loader = {
      systemd-boot = {
        # Lanzaboote currently replaces the systemd-boot module.
        # This setting is usually set to true in configuration.nix
        # generated at installation time. So we force it to false
        # for now.
        enable = false;

        # Disable editing the kernel command line (which could allow someone to become root)
        editor = false;

        extraEntries = {
          "live.conf" = ''
            title Archlinux Live ISO
            linux /live/vmlinuz-linux
            initrd /live/initramfs-linux.img
            options img_loop=/archlinux.iso copytoram
          '';
        };

        extraFiles = let
          iso = import ./archlive_iso.nix {inherit pkgs;};
        in {
          "archlinux.iso" = "${iso}/archlinux.iso";
          "live/initramfs-linux.img" = "${iso}/live/initramfs-linux.img";
          "live/vmlinuz-linux" = "${iso}/live/vmlinuz-linux";
        };
      };

      grub = {
        enable = false;
        # theme = pkgs.nixos-grub2-theme;
        splashImage = ./boot_pictures/gnu.png;
        efiSupport = true;
        device = "nodev"; # only for efi
      };

      efi = {
        canTouchEfiVariables = true;
        efiSysMountPoint = "/boot";
      };
    };
  };
}