{...}: {
  boot = {
    lanzaboote = {
      enable = true;
      configurationLimit = 7;
      pkiBundle = "/var/lib/sbctl";
      settings = {
        timeout = 2;
        sortKey = "lanza";
      };
    };
  };
}