From 87166601cd6057899c5b6d3953c10d66d4a97fbb Mon Sep 17 00:00:00 2001
From: JuliusFreudenberger <julius+git@jfreudenberger.de>
Date: Sun, 14 Jun 2026 01:09:03 +0200
Subject: [PATCH] Enable lanzaboote on julius-framework

---
 flake.nix                          | 1 +
 hosts/julius-framework/default.nix | 7 +++++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/flake.nix b/flake.nix
index d929025..2811507 100644
--- a/flake.nix
+++ b/flake.nix
@@ -96,6 +96,7 @@
         modules = [
           nixos-hardware.nixosModules.framework-11th-gen-intel
           auto-cpufreq.nixosModules.default
+          lanzaboote.nixosModules.lanzaboote
           ./hosts/julius-framework
           ./users/julius/nixos.nix
 
diff --git a/hosts/julius-framework/default.nix b/hosts/julius-framework/default.nix
index 1719e36..9292f2d 100644
--- a/hosts/julius-framework/default.nix
+++ b/hosts/julius-framework/default.nix
@@ -75,10 +75,13 @@
       loader = {
           efi.canTouchEfiVariables = true;
           systemd-boot = {
-	      enable = true;
-              editor = false;
+	      enable = false; # Enabled by lanzaboote
           };
       };
+      lanzaboote = {
+        enable = true;
+        pkiBundle = "/var/lib/sbctl";
+      };
       initrd = {
         systemd.enable = true;
         luks.devices = {