diff --git a/flake.nix b/flake.nix
index f2a8b0f..b4a67f8 100644
--- a/flake.nix
+++ b/flake.nix
@@ -40,18 +40,7 @@
         users = [
           "jml"
         ];
-        extraModules = [
-          { nixpkgs.config.allowUnfree = true; }
-          disko.nixosModules.disko
-          ./hosts/titanium/disko.nix  # TODO: Import this in mkSystem if both the file and module exist.
-          lanzaboote.nixosModules.lanzaboote
-          ({ pkgs, lib, ... }: {
-            environment.systemPackages = [ pkgs.sbctl ];
-            boot.loader.systemd-boot.enable = lib.mkForce false;
-            boot.lanzaboote.enable = true;
-            boot.lanzaboote.pkiBundle = "/var/lib/sbctl";
-          })
-        ];
+        extraModules = [];
       };
       # `nix build .#nixosConfigurations.installIso.config.system.build.isoImage`
       # https://github.com/nix-community/nixos-generators
diff --git a/hosts/titanium/default.nix b/hosts/titanium/default.nix
index bba79e0..23d9076 100644
--- a/hosts/titanium/default.nix
+++ b/hosts/titanium/default.nix
@@ -1,5 +1,6 @@
 { inputs, ... }:
 {
+  nixpkgs.config.allowUnfree = true;
   imports = [
     ../../modules/nixos/base.nix
     ../../modules/nixos/audio.nix
@@ -9,5 +10,8 @@
     #./hardware.nix
     ./configuration.nix
     ./nvidia.nix
+    ./secure-boot.nix
+    inputs.disko.nixosModules.disko
+    ./disko.nix
   ];
 }
diff --git a/hosts/titanium/secure-boot.nix b/hosts/titanium/secure-boot.nix
new file mode 100644
index 0000000..82f4d98
--- /dev/null
+++ b/hosts/titanium/secure-boot.nix
@@ -0,0 +1,7 @@
+{ pkgs, lib, inputs, ... }: {
+  imports = with inputs; [ lanzaboote.nixosModules.lanzaboote ];
+  environment.systemPackages = [ pkgs.sbctl ];
+  boot.loader.systemd-boot.enable = lib.mkForce false;
+  boot.lanzaboote.enable = true;
+  boot.lanzaboote.pkiBundle = "/var/lib/sbctl";
+}