Moduls/Bootloader: Add lanzaboote option

system/modules/bootloader/default.nix

@@ -1,4 +1,5 @@
 {
+  pkgs,
   config,
   lib,
   mylib,
@@ -31,5 +32,20 @@ in {
         device = bootloader.grub.bootDevice;
       };
     })
+    (lib.mkIf (bootloader.loader == "lanzaboote") {
+      environment.systemPackages = with pkgs; [
+        sbctl
+      ];
+
+      # Lanzaboote replaces systemd-boot
+      boot.loader.systemd-boot.enable = lib.mkForce false;
+
+      boot.lanzaboote = {
+        enable = true;
+
+        # WARN: Make sure to persist this if using impermanence!
+        pkiBundle = "/var/lib/sbctl";
+      };
+    })
   ]);
 }

system/modules/bootloader/options.nix

@@ -9,6 +9,7 @@
     type = lib.types.enum [
       "grub"
       "systemd-boot"
+      "lanzaboote"
     ];
     description = "What boot loader to use";
     example = "systemd-boot";