From 78840bcb6f22632deb250cfc0a298e5d7e325526 Mon Sep 17 00:00:00 2001
From: Aly Raffauf
Date: Sat, 24 Aug 2024 14:36:25 -0400
Subject: [PATCH] mauville: enable secureboot and auto luks unlocking
---
 hosts/mauville/default.nix | 23 ++++++-----------------
 1 file changed, 6 insertions(+), 17 deletions(-)
diff --git a/hosts/mauville/default.nix b/hosts/mauville/default.nix
index 3a342873..15bc1458 100644
--- a/hosts/mauville/default.nix
+++ b/hosts/mauville/default.nix
@@ -33,28 +33,17 @@ in {
 boot = {
 initrd = {
 availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "sd_mod" "r8169"];
+ systemd.enable = true;
+ };
- network = {
- enable = true;
- flushBeforeStage2 = true;
-
- ssh = {
- enable = true;
- hostKeys = [/etc/secrets/initrd/ssh_host_ed25519_key];
- };
-
- udhcpc.enable = true;
-
- postCommands = ''
- # Automatically ask for the password on SSH login
- echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile
- '';
- };
+ lanzaboote = {
+ enable = true;
+ pkiBundle = "/etc/secureboot";
 };
 loader = {
 efi.canTouchEfiVariables = true;
- systemd-boot.enable = true;
+ systemd-boot.enable = lib.mkForce false;
 };
 };
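Review bot: Nothing in this hunk records what the LUKS volume is now bound to: `systemd.enable = true` only switches the initrd to systemd, so the automatic unlock named in the subject presumably relies on a TPM2 enrollment made outside this file. Since that replaces a passphrase typed over SSH with an unlock that needs no secret from the operator, I would add a comment above `systemd.enable` stating the policy, e.g. `# LUKS unlocks via TPM2 enrollment; bound to PCRs <list>, PIN required: <yes/no>`, and confirm the binding covers the Secure Boot state that the `lanzaboote` setup depends on. `"r8169"` in `availableKernelModules` looks like a leftover from the removed initrd network unlock and can probably be dropped, and the no-longer-referenced key at `/etc/secrets/initrd/ssh_host_ed25519_key` should be retired on the host. The attribute set opened by `in {` starts outside the hunk.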