From e3a1c3e4df057dec33712b8ef4395b312b387448 Mon Sep 17 00:00:00 2001
From: Aly Raffauf <aly@raffauflabs.com>
Date: Sat, 24 Aug 2024 15:52:21 -0400
Subject: [PATCH] rustboro: enable secure boot

---
 hosts/rustboro/default.nix | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/hosts/rustboro/default.nix b/hosts/rustboro/default.nix
index c1805d6d..e2bf00f0 100644
--- a/hosts/rustboro/default.nix
+++ b/hosts/rustboro/default.nix
@@ -22,9 +22,16 @@
     self.nixosModules.common-wifi-profiles
   ];
 
-  boot.loader = {
-    efi.canTouchEfiVariables = true;
-    systemd-boot.enable = true;
+  boot = {
+    lanzaboote = {
+      enable = true;
+      pkiBundle = "/etc/secureboot";
+    };
+
+    loader = {
+      efi.canTouchEfiVariables = true;
+      systemd-boot.enable = lib.mkForce false;
+    };
   };
 
   environment.variables = {