From abfc4990f40df128881d43809bf0c375d842eda5 Mon Sep 17 00:00:00 2001
From: "Mohamed C." <mohamed@chrayed.de>
Date: Tue, 27 Aug 2024 17:21:21 +0200
Subject: [PATCH] add lanzaboote for secureboot

---
 flake.nix                       | 4 ++++
 modules/system/boot/default.nix | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/flake.nix b/flake.nix
index e8dc8fc..93df68e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -14,6 +14,10 @@
       inputs.home-manager.follows = "home-manager";
     };
     nix-flatpak.url = "github:gmodena/nix-flatpak/?ref=v0.4.1";
+    lanzaboote = {
+      url = "github:nix-community/lanzaboote/v0.4.1";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
   };
   # Define Outputs, import Modules
   outputs =
diff --git a/modules/system/boot/default.nix b/modules/system/boot/default.nix
index 26f9b4f..0a601e8 100644
--- a/modules/system/boot/default.nix
+++ b/modules/system/boot/default.nix
@@ -7,4 +7,8 @@
   boot.consoleLogLevel = 0;
   boot.kernelParams = [ "quiet" "udev.log_level=0" ];
   boot.initrd.verbose = false;
+  boot.lanzaboote = {
+    enable = true;
+    pkiBundle = "/etc/secureboot";
+  };
 }