{ config, pkgs, ... }:

{
  boot.loader.systemd-boot = {
    enable = true;
    editor = false;
    configurationLimit = 10;
  };

  boot.loader.efi.canTouchEfiVariables = true;
  boot.kernelPackages = pkgs.linuxPackages_latest;
  boot.initrd.kernelModules = [ "amdgpu" ];
  
  # Kernel parameters for security and performance
  boot.kernelParams = [
    "preempt=full"
    "slab_nomerge"
    "init_on_alloc=1"
    "init_on_free=1"
    "page_alloc.shuffle=1"
    "randomize_kstack_offset=on"
    "vsyscall=none"
    "mitigations=auto"
  ];

  boot.kernelModules = [ "tcp_bbr" ];

  boot.tmp.useTmpfs = true;
  boot.tmp.tmpfsSize = "4G";

  nix.settings.experimental-features = [ "nix-command" "flakes" ];
  xdg.portal.config.common.default = [ "gnome" ];
}