{ lib, config, ... }:
let isSANDBOX = builtins.elem config.syscfg.hostname [ "sandbox" ];
in {
  config = lib.mkIf (!isSANDBOX) {
    boot.kernelParams = [ 
      "async_probe=tpm*"     # Load TPM in parallel without blocking udev
      "8250.nr_uarts=0"      # Stop scanning for old motherboard serial lines (ttyS0-S3)
    ];
    boot.initrd = {
      compressor = "zstd";
      checkJournalingFS = false;
    };
    boot.loader = {
      timeout = 2;
      systemd-boot = {
        enable = true;
        configurationLimit = 8;
      };
      efi = {
        canTouchEfiVariables = true;
        efiSysMountPoint = "/boot";
      };
    };
  };
}