diff --git a/flake.nix b/flake.nix
index 91b7bb8..30c82aa 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,15 +1,26 @@
 {
-  description = "A simple NixOS flake";
+  description = "SecureBoot-enabled NixOS config";
 
   inputs = {
-    # NixOS official package source, using unstable here
     nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+    nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.05";
+
+    home-manager = {
+      url = "github:nix-community/home-manager/master";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    home-manager-stable = {
+      url = "github:nix-community/home-manager/release-25.05";
+      inputs.nixpkgs.follows = "nixpkgs-stable";
+    };
+
     nur = {
       url = "github:nix-community/NUR";
       inputs.nixpkgs.follows = "nixpkgs";
     };
-    home-manager = {
-      url = "github:nix-community/home-manager/master";
+
+    lanzaboote = {
+      url = "github:nix-community/lanzaboote/v0.4.2";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     sops-nix = {
@@ -17,12 +28,6 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.05";
-    home-manager-stable = {
-      url = "github:nix-community/home-manager/release-25.05";
-      inputs.nixpkgs.follows = "nixpkgs-stable";
-    };
-
     catppuccin.url = "github:catppuccin/nix";
     hyprland.url = "github:hyprwm/Hyprland";
     plasma-manager = {
@@ -35,6 +40,7 @@
   outputs = {
     self,
     catppuccin,
+    lanzaboote,
     nur,
     plasma-manager,
     sops-nix,
@@ -107,7 +113,7 @@
         host = hosts.anzu;
         nixpkgs = inputs.nixpkgs;
         home-manager = inputs.home-manager;
-        modules = [];
+        modules = [lanzaboote.nixosModules.lanzaboote];
       };
       ichigo = mkNixOSConfigurations {
         host = hosts.ichigo;
diff --git a/home/hypr.nix b/home/hypr.nix
index 5448f40..d2c2f0e 100644
--- a/home/hypr.nix
+++ b/home/hypr.nix
@@ -51,6 +51,7 @@
     brightnessctl
     helvum
   ];
+
   services.hyprpolkitagent.enable = true;
 
   services.hyprsunset.enable = true;
@@ -63,6 +64,8 @@
     };
   };
 
+  services.network-manager-applet.enable = true;
+
   wayland.windowManager.hyprland = {
     enable = false;
     package = null;
diff --git a/nixos/base.nix b/nixos/base.nix
index ba259b6..9632c2d 100644
--- a/nixos/base.nix
+++ b/nixos/base.nix
@@ -162,6 +162,7 @@
     python3
     qemu
     rustup
+    sbctl
     usbutils
     wget
     yubikey-manager