Enable lanzaboote on julius-framework

2026-06-14 01:09:03 +02:00 · 2026-06-14 01:09:03 +02:00 · 87166601cd
commit 87166601cd
parent 7d45fe1534
2 changed files with 6 additions and 2 deletions
--- a/flake.nix
+++ b/flake.nix
@ -96,6 +96,7 @@
        modules = [
          nixos-hardware.nixosModules.framework-11th-gen-intel
          auto-cpufreq.nixosModules.default
+          lanzaboote.nixosModules.lanzaboote
          ./hosts/julius-framework
          ./users/julius/nixos.nix

--- a/hosts/julius-framework/default.nix
+++ b/hosts/julius-framework/default.nix
@ -75,10 +75,13 @@
      loader = {
          efi.canTouchEfiVariables = true;
          systemd-boot = {
-	      enable = true;
-              editor = false;
+	      enable = false; # Enabled by lanzaboote
          };
      };
+      lanzaboote = {
+        enable = true;
+        pkiBundle = "/var/lib/sbctl";
+      };
      initrd = {
        systemd.enable = true;
        luks.devices = {