From 40f0c218d9d5132c0af35db145ed9776814a520d Mon Sep 17 00:00:00 2001
From: Lillian-Violet <git@lillianviolet.dev>
Date: Wed, 11 Sep 2024 14:18:22 +0200
Subject: [PATCH] We can't do that because secure boot is on...

---
 flake.nix                            |  2 +-
 nixos/hosts/shodan/configuration.nix | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/flake.nix b/flake.nix
index bf5e57f..03cf2a4 100644
--- a/flake.nix
+++ b/flake.nix
@@ -213,7 +213,7 @@
           # > Our main nixos configuration file <
           ./nixos/hosts/shodan/configuration.nix
           sops-nix.nixosModules.sops
-          #lanzaboote.nixosModules.lanzaboote
+          lanzaboote.nixosModules.lanzaboote
           disko.nixosModules.disko
           jovian.nixosModules.jovian
           home-manager.nixosModules.home-manager
diff --git a/nixos/hosts/shodan/configuration.nix b/nixos/hosts/shodan/configuration.nix
index 3b7eed4..f7e0c3e 100644
--- a/nixos/hosts/shodan/configuration.nix
+++ b/nixos/hosts/shodan/configuration.nix
@@ -207,13 +207,13 @@
   # This setting is usually set to true in configuration.nix
   # generated at installation time. So we force it to false
   # for now.
-  boot.loader.systemd-boot.enable = true;
+  boot.loader.systemd-boot.enable = lib.mkForce false;
   boot.initrd.systemd.enable = true;
 
-  #boot.lanzaboote = {
-  #  enable = true;
-  #  pkiBundle = "/etc/secureboot";
-  #};
+  boot.lanzaboote = {
+    enable = true;
+    pkiBundle = "/etc/secureboot";
+  };
   boot.loader.systemd-boot.configurationLimit = 3;
   boot.loader.timeout = 0;
   boot.loader.efi.canTouchEfiVariables = true;