diff options
| author | seth <[email protected]> | 2024-07-27 07:18:49 -0400 |
|---|---|---|
| committer | seth <[email protected]> | 2024-07-27 07:18:49 -0400 |
| commit | a9271f2a7794ac151d389f0bcc294f77b3082e5c (patch) | |
| tree | a9d0ec3e65d344148a3a36d1fa8e955f793b1c60 | |
| parent | e3d33b5f86a69bf263464d0149c563e8663bbf27 (diff) | |
glados: remove systemd-boot timeout
| -rw-r--r-- | systems/glados/boot.nix | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/systems/glados/boot.nix b/systems/glados/boot.nix index c88c82b..b236d34 100644 --- a/systems/glados/boot.nix +++ b/systems/glados/boot.nix @@ -7,28 +7,34 @@ { imports = [ inputs.lanzaboote.nixosModules.lanzaboote ]; - environment.systemPackages = with pkgs; [ + environment.systemPackages = [ # manual lanzaboote maintenance (NOTE: i have not actually used this since ~2022) - sbctl + pkgs.sbctl # TODO: is this actually required for using `tpm2-device=auto` to unlock LUKS volumes in initrd? probably - tpm2-tss + pkgs.tpm2-tss ]; boot = { - initrd.systemd.enable = true; + initrd.systemd.enable = true; # for unlocking luks root with tpm2 + kernelPackages = pkgs.linuxPackages_latest; kernelParams = [ "amd_pstate=active" ]; - # lanzaboote replaces this - loader.systemd-boot.enable = lib.mkForce false; + loader.systemd-boot.enable = lib.mkForce false; # lanzaboote replaces this lanzaboote = { enable = true; + pkiBundle = "/etc/secureboot"; + + settings = { + console-mode = "auto"; + editor = false; + timeout = 0; + }; }; - # for game drive - supportedFilesystems = [ "ntfs" ]; + supportedFilesystems = [ "ntfs" ]; # for game drive }; } |