{ lib, config, ... }:
let isSANDBOX = builtins.elem config.syscfg.hostname [ "sandbox" ];
in {
  config = lib.mkIf (!isSANDBOX) {
    boot.loader = {
      systemd-boot = {
        enable = true;
        configurationLimit = 8;
      };
      efi = {
        canTouchEfiVariables = true;
        efiSysMountPoint = "/boot/efi";
      };
    };
  };
}