From 91f2eb12964d63e7ff8c5b4b21fc397dd132e223 Mon Sep 17 00:00:00 2001
From: mjallen18 <matt.l.jallen@gmail.com>
Date: Sun, 23 Mar 2025 13:17:46 -0500
Subject: [PATCH] nas secureboot

---
 hosts/nas/boot.nix | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/hosts/nas/boot.nix b/hosts/nas/boot.nix
index 121eba6..6439577 100755
--- a/hosts/nas/boot.nix
+++ b/hosts/nas/boot.nix
@@ -9,7 +9,7 @@ in
     kernelModules = [ "nct6775" ];
     loader = {
       systemd-boot = {
-        enable = true;
+        enable = false;
         configurationLimit = configLimit;
       };
 
@@ -17,6 +17,15 @@ in
         canTouchEfiVariables = true;
         efiSysMountPoint = "/boot";
       };
+
+      lanzaboote = {
+        enable = true;
+        pkiBundle = "/etc/secureboot";
+        settings = {
+          console-mode = "max";
+        };
+        configurationLimit = configLimit;
+      };
     };
 
     kernel.sysctl = {