From 78fbe38b7120250b6365c1bd934f968f557ea9e6 Mon Sep 17 00:00:00 2001
From: Florian RICHER
Date: Sat, 1 Feb 2025 16:39:00 +0100
Subject: [PATCH] hosts: Add secureboot
---
 hosts/perso-desktop/configuration.nix | 6 +++++-
 hosts/perso-laptop/configuration.nix | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/hosts/perso-desktop/configuration.nix b/hosts/perso-desktop/configuration.nix
index cc2c8ea..6a80f5c 100644
--- a/hosts/perso-desktop/configuration.nix
+++ b/hosts/perso-desktop/configuration.nix
@@ -15,7 +15,11 @@
 ];
 # Bootloader.
- boot.loader.systemd-boot.enable = true;
+ boot.loader.systemd-boot.enable = lib.mkForce false;
+ boot.lanzaboote = {
+ enable = true;
+ pkiBundle = "/var/lib/sbctl";
+ };
 boot.loader.efi.canTouchEfiVariables = true;
 # Limit the number of generations to keep
diff --git a/hosts/perso-laptop/configuration.nix b/hosts/perso-laptop/configuration.nix
index e378ea1..825bcec 100644
--- a/hosts/perso-laptop/configuration.nix
+++ b/hosts/perso-laptop/configuration.nix
@@ -15,7 +15,11 @@
 ];
 # Bootloader.
- boot.loader.systemd-boot.enable = true;
+ boot.loader.systemd-boot.enable = lib.mkForce false;
+ boot.lanzaboote = {
+ enable = true;
+ pkiBundle = "/var/lib/sbctl";
+ };
 boot.loader.efi.canTouchEfiVariables = true;
 # Limit the number of generations to keep
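Review bot: The added `pkiBundle = "/var/lib/sbctl";` line in hosts/perso-desktop/configuration.nix (and the identical hunk in hosts/perso-laptop/configuration.nix) points at a directory holding the private Secure Boot signing keys, yet nothing records that signing only protects the boot chain once those keys exist, are enrolled in firmware, and Secure Boot is switched on in UEFI setup. I would put a comment above the `boot.lanzaboote` block, for example `# Secure Boot (lanzaboote): /var/lib/sbctl holds private signing keys - root-only, on the encrypted disk; create and enroll them with sbctl before relying on this.` The same hunks start using `lib.mkForce`, so `lib` must be in each module's argument set and the lanzaboote NixOS module must already be imported; both sit outside the visible lines, so confirm that each host still evaluates. Since both hosts receive the same five lines, moving them into one shared module would keep the two Secure Boot configurations from drifting apart.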