Enable lanzaboote on julius-framework

flake.nix

@@ -96,6 +96,7 @@
         modules = [
           nixos-hardware.nixosModules.framework-11th-gen-intel
           auto-cpufreq.nixosModules.default
+          lanzaboote.nixosModules.lanzaboote
           ./hosts/julius-framework
           ./users/julius/nixos.nix
 

hosts/julius-framework/default.nix

@@ -75,10 +75,13 @@
       loader = {
           efi.canTouchEfiVariables = true;
           systemd-boot = {
-	      enable = true;
+	      enable = false; # Enabled by lanzaboote
-              editor = false;
           };
       };
+      lanzaboote = {
+        enable = true;
+        pkiBundle = "/var/lib/sbctl";
+      };
       initrd = {
         systemd.enable = true;
         luks.devices = {