haze: use lanzaboote

2026-01-27 14:36:11 +01:00 · 2026-01-27 14:36:11 +01:00 · 59458a3ba1
commit 59458a3ba1
parent 5bd14cffe9
2 changed files with 24 additions and 0 deletions
--- a/machines/haze/configuration.nix
+++ b/machines/haze/configuration.nix
@ -18,6 +18,7 @@
    self.nixosModules.desktop
    self.nixosModules.dev
    self.nixosModules.lanzaboote
    self.nixosModules.nix-defaults
    self.inputs.home-manager.nixosModules.home-manager
--- a/modules/lanzaboote.nix
+++ b/modules/lanzaboote.nix
@ -0,0 +1,23 @@
 {
  self,
  lib,
  pkgs,
  ...
 }:
 {
  imports = [
    self.inputs.lanzaboote.nixosModules.lanzaboote
  ];
  environment.systemPackages = [
    # For debugging and troubleshooting Secure Boot.
    pkgs.sbctl
  ];
  boot.loader.systemd-boot.enable = lib.mkForce false;
  boot.lanzaboote = {
    enable = true;
    pkiBundle = "/var/lib/sbctl";
  };
 }