From 88365b373abe04b01fa84a43f03316e6516371c3 Mon Sep 17 00:00:00 2001
From: Gabriella Bere <contact@gabbie.blue>
Date: Sat, 14 Sep 2024 22:11:15 +0100
Subject: [PATCH] add lanzaboote and remove defective aagl module for now

---
 flake.nix                            | 13 ++++++++++---
 hosts/gabbielaptop/configuration.nix | 14 +++++++++++++-
 2 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/flake.nix b/flake.nix
index c7e6483..8ae2ca7 100644
--- a/flake.nix
+++ b/flake.nix
@@ -34,6 +34,12 @@
       url = "github.ezKEa/aagl-gtk-on-nix";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+
+    lanzaboote = {
+      url = "github:nix-community/lanzaboote";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
     satisfactory-server = {
       url = "github:nekowinston/satisfactory-server-flake";
       inputs.nixpkgs.follows = "nixpkgs";
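Review bot: The new `lanzaboote` input tracks the repository's default branch instead of a release, so although `flake.lock` pins a revision between updates, any `nix flake update` moves the Secure Boot signing tooling to whatever is at upstream HEAD. Since this component signs every kernel and initrd the firmware will be asked to trust, pinning to a tagged release keeps what gets signed reviewable and reproducible; the upstream quick-start does the same, e.g. `url = "github:nix-community/lanzaboote/v0.4.1";` (use whatever the current release tag is). The `inputs.nixpkgs.follows = "nixpkgs"` line is fine to keep; it only trims the closure size.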
@@ -57,9 +63,10 @@
 	./modules/nh.nix
         ./modules/waydroid.nix
         ./modules/packages.nix
-	./modules/aagl.nix
-        inputs.aagl.nixosModules.default
-	{ nix.settings = inputs.aagl.nixConfig; } # Setup cachix for aagl projects
+#       ./modules/aagl.nix
+#        inputs.aagl.nixosModules.default
+	inputs.lanzaboote.nixosModules.lanzaboote
+#	{ nix.settings = inputs.aagl.nixConfig; } # Setup cachix for aagl projects
         # Imports home-manager module for use within nixos, not reccomended for use WITH standalone version
 #        inputs.home-manager.nixosModules.default
       ];
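Review bot: The aagl module lines are commented out rather than deleted, but the `aagl` input declared earlier in this file (still visible as context in the first hunk) is left in place, so the flake keeps fetching and locking that repository even though nothing consumes it any more. If the module is expected to come back, a one-line reason next to the disabled entries would save the next reader a trip to the commit log, e.g. `# aagl disabled for now (module currently broken); re-enable together with the aagl.nixConfig cachix settings`; if it is not coming back, remove the input as well since git history preserves it. The new `inputs.lanzaboote.nixosModules.lanzaboote` entry also starts with a tab while its neighbours use spaces; Nix does not care, but the list reads better with one indentation style.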
diff --git a/hosts/gabbielaptop/configuration.nix b/hosts/gabbielaptop/configuration.nix
index 7fe3463..4559c07 100644
--- a/hosts/gabbielaptop/configuration.nix
+++ b/hosts/gabbielaptop/configuration.nix
@@ -12,9 +12,19 @@
   ];
 
   # Bootloader.
-  boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
 
+  boot = {
+    initrd.systemd.enable = true;
+
+    loader.systemd-boot.enable = lib.mkForce false;
+
+    lanzaboote = {
+      enable = true;
+      pkiBundle = "/etc/secureboot";
+    };
+  };
+
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
 
   # default kernel causes issues with wpa_supplicant meaning shutdown times are > 10 mins updating to kernel 69+ fixes this
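Review bot: `pkiBundle = "/etc/secureboot"` points at the directory holding the private Secure Boot signing keys used for every generation, and nothing in this hunk records that they must already exist (created with `sbctl create-keys`) or that they should stay readable by root only — if the root filesystem is not encrypted, anyone with the disk can read them and sign their own boot artifacts, which defeats the point of enabling signing. Signing also enforces nothing on its own: until the keys are enrolled in firmware (`sbctl enroll-keys --microsoft`) and Secure Boot is switched on, `sbctl verify` and `bootctl status` are the only confirmation, so a comment such as `# Keys come from `sbctl create-keys` (root-only); only enforced once enrolled via `sbctl enroll-keys --microsoft` and Secure Boot is enabled in firmware` above the `lanzaboote` block would make the remaining manual steps explicit. The `lib.mkForce false` on `loader.systemd-boot.enable` presumably relies on `lib` being in this module's argument set; the module header is outside the hunk, so worth confirming it is `{ config, pkgs, lib, ... }:` or evaluation will fail on an undefined `lib`.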
@@ -29,6 +39,8 @@
 
   boot.initrd.kernelModules = [ "amdgpu" ];
 
+  boot.bootspec.enabled = true;
+
   networking.hostName = "gabbielaptop"; # Define your hostname.
   # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.