From 792818bba35e86eb04b2a3bcaee8fa39d6803c13 Mon Sep 17 00:00:00 2001
From: yaroslav <yaroslav@Ratchet.local>
Date: Wed, 29 Apr 2026 13:17:33 +0300
Subject: [PATCH] added lanzaboote for ratchet

---
 flake.nix | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/flake.nix b/flake.nix
index 4350525..4c07412 100644
--- a/flake.nix
+++ b/flake.nix
@@ -58,6 +58,18 @@
           ./hosts/generic/virtualization.nix
           ./hosts/generic/plymouth.nix
           ./home/yaroslav/steam.nix
+          lanzaboote.nixosModules.lanzaboote
+          ({ pkgs, lib, ... }: {
+            # Lanzaboote currently replaces the systemd-boot module.
+            # This setting is usually set to true in configuration.nix
+            # generated at installation time. So we force it to false
+            # for now.
+            boot.loader.systemd-boot.enable = lib.mkForce false;
+            boot.lanzaboote = {
+              enable = true;
+              pkiBundle = "/var/lib/sbctl";
+            };
+          })
           home-manager.nixosModules.home-manager
           {
             home-manager.useUserPackages = true;