From 0b139c489c9984a740dc2bb391c6869214b91222 Mon Sep 17 00:00:00 2001
From: Seth Flynn
Date: Mon, 10 Feb 2025 14:18:37 -0500
Subject: nixos/lanzaboote: create mixin
---
 systems/glados/boot.nix | 23 +----------------------
 1 file changed, 1 insertion(+), 22 deletions(-)
(limited to 'systems')
diff --git a/systems/glados/boot.nix b/systems/glados/boot.nix
index d68b32c..c9224c8 100644
--- a/systems/glados/boot.nix
+++ b/systems/glados/boot.nix
@@ -2,22 +2,11 @@
 config,
 lib,
 pkgs,
- inputs,
 ...
 }:
-{
- imports = [ inputs.lanzaboote.nixosModules.lanzaboote ];
-
- environment.systemPackages = [
- # manual lanzaboote maintenance (NOTE: i have not actually used this since ~2022)
- pkgs.sbctl
- # TODO: is this actually required for using `tpm2-device=auto` to unlock LUKS volumes in initrd? probably
- pkgs.tpm2-tss
- ];
+{
 boot = {
- initrd.systemd.enable = true; # for unlocking luks root with tpm2
-
 kernelPackages = pkgs.linuxKernel.packages.linux_6_11;
 kernelParams =
@@ -28,18 +17,8 @@
 # https://github.com/NVIDIA/open-gpu-kernel-modules/issues/693
 ++ lib.optional (!config.hardware.nvidia.open) "nvidia.NVreg_EnableGpuFirmware=0";
- loader.systemd-boot.enable = lib.mkForce false; # lanzaboote replaces this
-
 lanzaboote = {
 enable = true;
-
- pkiBundle = "/etc/secureboot";
-
- settings = {
- console-mode = "auto";
- editor = false;
- timeout = 0;
- };
 };
 supportedFilesystems = [ "ntfs" ]; # for game drive
--
cgit v1.2.3
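Review bot: In the second hunk `boot.lanzaboote` is reduced to `enable = true;`, and nothing left in systems/glados/boot.nix says where `pkiBundle = "/etc/secureboot"`, `settings.editor = false` and `timeout = 0` now come from. The same applies to the first hunk, which drops the `inputs.lanzaboote.nixosModules.lanzaboote` import and `initrd.systemd.enable = true` (needed, per the removed comment, for unlocking the LUKS root with tpm2). The diff is limited to 'systems', so the mixin is not visible here; presumably it carries these, but that should be confirmed for this host, since a missing `editor = false` or `initrd.systemd.enable` would probably not raise an evaluation error the way a missing module import would. I would add a comment above the block, e.g. `# pkiBundle, editor = false and the initrd systemd/TPM2 setup come from the lanzaboote mixin`, so the Secure Boot posture of this machine stays readable from its own boot.nix.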