nixos-configs/hosts/mpl/bootloader.nix

{...}: {
  # TODO: lanzaboote
  boot = {
    initrd.systemd = {
      enable = true;
      enableTpm2 = true;
    };

    loader = {
      efi.canTouchEfiVariables = true;

      timeout = 2;
      systemd-boot = {
        enable = true;
        configurationLimit = 3;
      };
    };
  };
}