mauville: enable secureboot and auto luks unlocking

2024-11-25 09:31:54 -05:00 · 2024-08-24 14:36:25 -04:00 · 2024-08-24 14:36:25 -04:00 · 78840bcb6f
parent c850f1dfec
commit 78840bcb6f
1 changed files with 6 additions and 17 deletions
--- a/hosts/mauville/default.nix
+++ b/hosts/mauville/default.nix
@ -33,28 +33,17 @@ in {
  boot = {
    initrd = {
      availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "sd_mod" "r8169"];
+      systemd.enable = true;
+    };

-      network = {
-        enable = true;
-        flushBeforeStage2 = true;
-
-        ssh = {
-          enable = true;
-          hostKeys = [/etc/secrets/initrd/ssh_host_ed25519_key];
-        };
-
-        udhcpc.enable = true;
-
-        postCommands = ''
-          # Automatically ask for the password on SSH login
-          echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile
-        '';
-      };
+    lanzaboote = {
+      enable = true;
+      pkiBundle = "/etc/secureboot";
    };

    loader = {
      efi.canTouchEfiVariables = true;
-      systemd-boot.enable = true;
+      systemd-boot.enable = lib.mkForce false;
    };
  };