diff --git a/flake.nix b/flake.nix
index 4350525..4c07412 100644
--- a/flake.nix
+++ b/flake.nix
@@ -58,6 +58,18 @@
           ./hosts/generic/virtualization.nix
           ./hosts/generic/plymouth.nix
           ./home/yaroslav/steam.nix
+          lanzaboote.nixosModules.lanzaboote
+          ({ pkgs, lib, ... }: {
+            # Lanzaboote currently replaces the systemd-boot module.
+            # This setting is usually set to true in configuration.nix
+            # generated at installation time. So we force it to false
+            # for now.
+            boot.loader.systemd-boot.enable = lib.mkForce false;
+            boot.lanzaboote = {
+              enable = true;
+              pkiBundle = "/var/lib/sbctl";
+            };
+          })
           home-manager.nixosModules.home-manager
           {
             home-manager.useUserPackages = true;