{ pkgs, config, lib, ... }:

{
  boot = {
    loader = {
      # Use the systemd-boot EFI boot loader.
      systemd-boot.enable = true;
       # Prohibits gaining root access by passing init=/bin/sh as a kernel parameter
      systemd-boot.editor = false;
      efi.canTouchEfiVariables = true;
    };

    kernelPackages = pkgs.linuxPackages_latest;
    tmpOnTmpfs = true;
  };
}