ctucx.git: nixfiles

machines/seifenkiste: add lanzaboote

diff --git a/machines/seifenkiste/default.nix b/machines/seifenkiste/default.nix
@@ -13,9 +13,14 @@
   ctucxConfig.monitoring.exporters.enable = true;
 
   boot = {
-    loader.systemd-boot.enable = true;
+    loader.systemd-boot.enable = lib.mkForce false;
     loader.efi.canTouchEfiVariables = true;
 
+    lanzaboote = {
+      enable = true;
+      pkiBundle = "/etc/secureboot";
+    };
+
     kernelPackages = pkgs.linuxPackages_latest;
   };