Group shared system settings

system/shared/boot/loaders/default.nix

@@ -0,0 +1,5 @@
+{
+  imports = [
+    ./systemd-boot.nix
+  ];
+}

system/shared/boot/loaders/systemd-boot.nix

@@ -0,0 +1,18 @@
+{ config, lib, ... }: let 
+  cfg = config.myOptions.system.boot;
+in {
+  boot.loader.systemd-boot = {
+    enable = true;
+    memtest86.enable = true;
+
+    # Enabling the editor will allow anyone to change the kernel params.
+    # This can be useful for debugging, however it is a potential security hole
+    # as this allows setting init=/bin/bash, which will boot directly into bash
+    # as root, bypassing any need for authentication.
+    #
+    # If you're using an encrypted setup, and you can't get into the system without
+    # entering a decryption password (or have TPM release it conditionally, only if
+    # the kernel parameters remain the same), this can safely be enabled.
+    editor = lib.mkDefault false;
+  };
+}