diff --git a/modules/optional/secureboot.nix b/modules/optional/secureboot.nix
index 32ed161..0a460c4 100644
--- a/modules/optional/secureboot.nix
+++ b/modules/optional/secureboot.nix
@@ -6,7 +6,10 @@
 }: {
   environment.systemPackages = [
     # For debugging and troubleshooting Secure Boot.
-    pkgs.sbctl
+    pkgs.sbctl.override
+    {
+      databasePath = "/run/secureboot";
+    }
   ];
   age.secrets.secureboot.rekeyFile = ../../hosts/${config.node.name}/secrets/secureboot.tar.age;
   system.activationScripts.securebootuntar = {
diff --git a/nix/hosts.nix b/nix/hosts.nix
index 495b7c2..9ad5203 100644
--- a/nix/hosts.nix
+++ b/nix/hosts.nix
@@ -55,7 +55,11 @@ inputs: let
       meta = {
         # Just a required dummy for colmena, overwritten on a per-node basis by nodeNixpkgs below.
         nixpkgs = self.pkgs.x86_64-linux;
-        nodeNixpkgs = mapNixosConfigs (v: v.pkgs);
+        nodeNixpkgs = mapNixosConfigs (v:
+          import inputs.nixpkgs {
+            inherit (v._module.args.pkgs.stdenv.hostPlatform) system;
+            inherit (v._module.args.pkgs) config;
+          });
         nodeSpecialArgs = mapNixosConfigs (v: v._module.specialArgs);
       };
     }