# NixOS module fragment: kernel selection, boot loaders, initrd modules,
# KVM module options and /tmp placement.
{ config, lib, pkgs, ... }:

{
  boot = {
    # Follow the newest kernel package set that nixpkgs ships.
    kernelPackages = pkgs.linuxPackages_latest;

    # Bootloader, initrd and Kernel
    loader = {
      # NOTE(review): GRUB and systemd-boot are both switched on in this
      # file; confirm which one is meant to install. enableCryptodisk is a
      # GRUB setting, so an encrypted /boot is only handled when GRUB is the
      # loader actually in use.
      grub = {
        enable = true;
        enableCryptodisk = true;
        version = 2;
      };
      systemd-boot.enable = true;

      # The installer is not allowed to write EFI boot variables.
      efi.canTouchEfiVariables = false;
    };

    initrd.availableKernelModules = [
      # USB, SATA, USB storage, SCSI disk and card-reader drivers.
      "xhci_pci"
      "ahci"
      "usb_storage"
      "sd_mod"
      "rtsx_pci_sdmmc"
      # AES and async-crypto helpers; presumably here so an encrypted disk
      # can be unlocked from the initrd (confirm against the disk layout).
      # NOTE(review): aes_x86_64 appears to be absent from newer upstream
      # kernels; with linuxPackages_latest, verify the initrd still builds.
      "aes_x86_64"
      "aesni_intel"
      "cryptd"
    ];

    kernelModules = [
      "kvm-intel"
      # Workaround for nm-pptp to enforce module load
      # PPTP relies on MS-CHAPv2, which is regarded as broken; do not count
      # on such a tunnel for confidentiality.
      "nf_conntrack_proto_gre"
      "nf_conntrack_pptp"
    ];

    # kvm-intel tuning. nested=1 lets guests run their own hypervisors, which
    # widens the KVM interface exposed to guests; keep it only if nested
    # virtualisation is really needed on this host.
    extraModprobeConfig = ''
      options kvm-intel nested=1
      options kvm-intel enable_shadow_vmcs=1
      options kvm-intel enable_apicv=1
      options kvm-intel ept=1
    '';

    extraModulePackages = [ ];

    # workaround to disable CPU whining
    # current CPU has 9 idle cstates.
    # NOTE(review): no setting follows this comment in the visible source.

    # Mount /tmp as tmpfs, so its contents do not survive a reboot. tmpfs
    # pages can be swapped out; if swap exists, confirm it is encrypted.
    tmpOnTmpfs = true;
  };
}