From 2777680940425a9a741a8ba1befef2fcf1cc139b Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Sun, 25 Jan 2026 08:20:25 -0800
Subject: enable lanzaboote

---
 machines/framebox.nix | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'machines')

diff --git a/machines/framebox.nix b/machines/framebox.nix
index 15a82bd..34ef32b 100644
--- a/machines/framebox.nix
+++ b/machines/framebox.nix
@@ -9,6 +9,7 @@
   wgPublicKey = "jf7T7TMKQWSgSXhUplldZDV9G2y2BjMmHIAhg5d26ng=";
   publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID76U5kt8DfBbuP16rMzfBTVTpjjPFKWnnheMALaCQEd";
   ephemeralRoot = true;
+  secureBoot = true;
 
   age.secrets = {
     wireguard.file = ../secrets/framebox/wireguard.age;
@@ -36,6 +37,7 @@
   };
 
   imports = [
+    # keep-sorted start
     ../profiles/authelia.nix
     ../profiles/core-metrics.nix
     ../profiles/defaults.nix
@@ -48,12 +50,14 @@
     ../profiles/postgresql.nix
     ../profiles/remote-unlock.nix
     ../profiles/restic-backup.nix
+    ../profiles/secureboot.nix
     ../profiles/server.nix
     ../profiles/state.nix
     ../profiles/users/admin-user.nix
     ../profiles/users/builder.nix
     ../profiles/users/home-manager.nix
     ../profiles/wireguard.nix
+    # keep-sorted end
   ];
 
   boot.kernelModules = [ "sg" ];
-- 
cgit v1.2.3