From 0a1246e5c6de6034999d70962b432e72e26a8470 Mon Sep 17 00:00:00 2001
From: Mohamed Chrayed
Date: Tue, 3 Mar 2026 14:03:05 +0100
Subject: [PATCH] add lanzaboote
---
 modules/security/secure-boot/secure-boot.nix | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/modules/security/secure-boot/secure-boot.nix b/modules/security/secure-boot/secure-boot.nix
index 1b20f35..227ef1e 100644
--- a/modules/security/secure-boot/secure-boot.nix
+++ b/modules/security/secure-boot/secure-boot.nix
@@ -1,7 +1,16 @@
-{ ... }: {
- flake.nixosModules.secure-boot = { pkgs, ... }: {
- environment.systemPackages = with pkgs; [
- sbctl
+{ inputs, ... }: {
+ flake.nixosModules.secure-boot = { pkgs, lib, ... }: {
+ imports = [
+ inputs.lanzaboote.nixosModules.lanzaboote
 ];
+
+ environment.systemPackages = [ pkgs.sbctl ];
+
+ boot.loader.systemd-boot.enable = lib.mkForce false;
+
+ boot.lanzaboote = {
+ enable = true;
+ pkiBundle = "/var/lib/sbctl";
+ };
 };
 }
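Review bot: `pkiBundle = "/var/lib/sbctl"` in the `boot.lanzaboote` block carries no comment or check that the key bundle exists, so a host that imports this module before running `sbctl create-keys` will presumably fail to sign and install its boot entries at the next rebuild. Setting `enable = true` also only produces signed images; enforcement still depends on the keys being enrolled and Secure Boot being switched on in firmware, which `sbctl status` and `bootctl status` can confirm. I would add a comment above the option such as `# Requires keys from sbctl create-keys, enrolled in firmware; the private key is root-readable, so keep /var/lib/sbctl on an encrypted disk and out of off-host backups.` The `inputs.lanzaboote` flake input is declared outside this file, so it is worth confirming that flake.nix pins it to a release tag and flake.lock records it, since that code signs the boot chain.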