From 5212255fa1d10cbd17cb9841ca0611b0ecc91922 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Fri, 18 Jul 2025 19:20:28 +0200
Subject: lanzaboote

---
 hosts/sif/default.nix | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

(limited to 'hosts/sif')

diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix
index 4cb6162e..4cdd4aa7 100644
--- a/hosts/sif/default.nix
+++ b/hosts/sif/default.nix
@@ -13,7 +13,7 @@ in {
   imports = with flake.nixosModules.systemProfiles; [
     ./hw.nix
     ./email ./libvirt ./greetd
-    tmpfs-root bcachefs initrd-all-crypto-modules default-locale openssh rebuild-machines niri-unstable networkmanager
+    tmpfs-root bcachefs initrd-all-crypto-modules default-locale openssh rebuild-machines niri-unstable networkmanager lanzaboote
     flakeInputs.nixos-hardware.nixosModules.lenovo-thinkpad-p1
     flakeInputs.impermanence.nixosModules.impermanence
     flakeInputs.nixVirt.nixosModules.default
@@ -51,13 +51,8 @@ in {
 
       blacklistedKernelModules = [ "nouveau" ];
 
-      # Use the systemd-boot EFI boot loader.
+      lanzaboote.configurationLimit = 15;
       loader = {
-        systemd-boot = {
-          enable = true;
-          configurationLimit = 15;
-          netbootxyz.enable = true;
-        };
         efi.canTouchEfiVariables = true;
         timeout = null;
       };
@@ -679,6 +674,7 @@ in {
         "/var/lib/upower"
         "/var/lib/postfix"
         "/etc/NetworkManager/system-connections"
+        config.boot.lanzaboote.pkiBundle
       ];
       files = [
       ];
-- 
cgit v1.2.3