{ pkgs, ... }:
{
  # ======================================================
  #  ____              _   _                 _           
  # | __ )  ___   ___ | |_| | ___   __ _  __| | ___ _ __ 
  # |  _ \ / _ \ / _ \| __| |/ _ \ / _` |/ _` |/ _ \ '__|
  # | |_) | (_) | (_) | |_| | (_) | (_| | (_| |  __/ |   
  # |____/ \___/ \___/ \__|_|\___/ \__,_|\__,_|\___|_|   
  #
  # Bootloader
  # UEFI enabled GRUB2 setup
  # with full disk encryption and swap with hibernation

  # Bootloader
  boot.loader = {
    efi = {
      canTouchEfiVariables = false;
      efiSysMountPoint = "/boot";
    };
    grub = {
      enable = true;
      efiSupport = true;
      extraEntriesBeforeNixOS = true;
      efiInstallAsRemovable = true; # in case canTouchEfiVariables doesn't work for your system
      device = "nodev";
      useOSProber = true;
    };
  };

  boot.kernelPackages = pkgs.linuxPackages_latest;

  # extra enabled kernel modules
  boot.kernelModules = [
    "sg" # for generic SCSI devices such as /dev/sg0
  ];

  # Kernel parameter on boot
  boot.kernelParams = [
    "quiet"
    "splash"
    "psi=1"
    "boot_delay=0"
  ];

  # Setup keyfile
  boot.initrd.secrets = {
    "/crypto_keyfile.bin" = null;
  };
}