nixos/lanzaboote: create mixin

author: Seth Flynn <[email protected]> 2025-02-10 14:18:37 -0500
committer: Seth Flynn <[email protected]> 2025-02-10 20:26:23 -0500
commit: 0b139c489c9984a740dc2bb391c6869214b91222 (patch)
tree: f689fe3533baa08590873cbc4ce67768c09efccb /systems/glados
parent: 688b481cf189d27daad494d3cf5391c8c012ee84 (diff)
1 files changed, 1 insertions, 22 deletions
diff --git a/systems/glados/boot.nix b/systems/glados/boot.nix
index d68b32c..c9224c8 100644
--- a/systems/glados/boot.nix
+++ b/systems/glados/boot.nix
@@ -2,22 +2,11 @@
   config,
   lib,
   pkgs,
-  inputs,
   ...
 }:
-{
-  imports = [ inputs.lanzaboote.nixosModules.lanzaboote ];
-
-  environment.systemPackages = [
-    # manual lanzaboote maintenance (NOTE: i have not actually used this since ~2022)
-    pkgs.sbctl
-    # TODO: is this actually required for using `tpm2-device=auto` to unlock LUKS volumes in initrd? probably
-    pkgs.tpm2-tss
-  ];
 
+{
   boot = {
-    initrd.systemd.enable = true; # for unlocking luks root with tpm2
-
     kernelPackages = pkgs.linuxKernel.packages.linux_6_11;
 
     kernelParams =
@@ -28,18 +17,8 @@
       # https://github.com/NVIDIA/open-gpu-kernel-modules/issues/693
       ++ lib.optional (!config.hardware.nvidia.open) "nvidia.NVreg_EnableGpuFirmware=0";
 
-    loader.systemd-boot.enable = lib.mkForce false; # lanzaboote replaces this
-
     lanzaboote = {
       enable = true;
-
-      pkiBundle = "/etc/secureboot";
-
-      settings = {
-        console-mode = "auto";
-        editor = false;
-        timeout = 0;
-      };
     };
 
     supportedFilesystems = [ "ntfs" ]; # for game drive
author	Seth Flynn <[email protected]>	2025-02-10 14:18:37 -0500
committer	Seth Flynn <[email protected]>	2025-02-10 20:26:23 -0500
commit	0b139c489c9984a740dc2bb391c6869214b91222 (patch)
tree	f689fe3533baa08590873cbc4ce67768c09efccb /systems/glados
parent	688b481cf189d27daad494d3cf5391c8c012ee84 (diff)