glados: remove systemd-boot timeout

author: seth <[email protected]> 2024-07-27 07:18:49 -0400
committer: seth <[email protected]> 2024-07-27 07:18:49 -0400
commit: a9271f2a7794ac151d389f0bcc294f77b3082e5c (patch)
tree: a9d0ec3e65d344148a3a36d1fa8e955f793b1c60 /systems
parent: e3d33b5f86a69bf263464d0149c563e8663bbf27 (diff)
1 files changed, 14 insertions, 8 deletions
diff --git a/systems/glados/boot.nix b/systems/glados/boot.nix
index c88c82b..b236d34 100644
--- a/systems/glados/boot.nix
+++ b/systems/glados/boot.nix
@@ -7,28 +7,34 @@
 {
   imports = [ inputs.lanzaboote.nixosModules.lanzaboote ];
 
-  environment.systemPackages = with pkgs; [
+  environment.systemPackages = [
     # manual lanzaboote maintenance (NOTE: i have not actually used this since ~2022)
-    sbctl
+    pkgs.sbctl
     # TODO: is this actually required for using `tpm2-device=auto` to unlock LUKS volumes in initrd? probably
-    tpm2-tss
+    pkgs.tpm2-tss
   ];
 
   boot = {
-    initrd.systemd.enable = true;
+    initrd.systemd.enable = true; # for unlocking luks root with tpm2
+
     kernelPackages = pkgs.linuxPackages_latest;
 
     kernelParams = [ "amd_pstate=active" ];
 
-    # lanzaboote replaces this
-    loader.systemd-boot.enable = lib.mkForce false;
+    loader.systemd-boot.enable = lib.mkForce false; # lanzaboote replaces this
 
     lanzaboote = {
       enable = true;
+
       pkiBundle = "/etc/secureboot";
+
+      settings = {
+        console-mode = "auto";
+        editor = false;
+        timeout = 0;
+      };
     };
 
-    # for game drive
-    supportedFilesystems = [ "ntfs" ];
+    supportedFilesystems = [ "ntfs" ]; # for game drive
   };
 }
author	seth <[email protected]>	2024-07-27 07:18:49 -0400
committer	seth <[email protected]>	2024-07-27 07:18:49 -0400
commit	a9271f2a7794ac151d389f0bcc294f77b3082e5c (patch)
tree	a9d0ec3e65d344148a3a36d1fa8e955f793b1c60 /systems
parent	e3d33b5f86a69bf263464d0149c563e8663bbf27 (diff)