From 9b8b7f12847945d53730759d29d565dace44e256 Mon Sep 17 00:00:00 2001
From: Aly Raffauf <aly@raffauflabs.com>
Date: Sat, 24 Aug 2024 12:41:39 -0400
Subject: [PATCH] lavaridge: enable lanzaboote

---
 hosts/lavaridge/default.nix | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/hosts/lavaridge/default.nix b/hosts/lavaridge/default.nix
index 4e28e1ce..9ca7c612 100644
--- a/hosts/lavaridge/default.nix
+++ b/hosts/lavaridge/default.nix
@@ -11,6 +11,7 @@
     ./home.nix
     ./secrets.nix
     ./stylix.nix
+    self.inputs.lanzaboote.nixosModules.lanzaboote
     self.inputs.nixhw.nixosModules.framework-13-amd-7000
     self.nixosModules.common-auto-upgrade
     self.nixosModules.common-base
@@ -24,11 +25,17 @@
   ];
 
   boot = {
+    initrd.systemd.enable = true;
     kernelPackages = lib.mkForce pkgs.linuxPackages_6_9;
 
+    lanzaboote = {
+      enable = true;
+      pkiBundle = "/etc/secureboot";
+    };
+
     loader = {
       efi.canTouchEfiVariables = true;
-      systemd-boot.enable = true;
+      systemd-boot.enable = lib.mkForce false;
     };
   };