Merge pull request 'feature: boot from unencrypted /boot partition' (#53) from feature/separate-boot-partition into main

Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/53
Reviewed-by: Benjamin Bädorf <b12f@noreply.example.org>

modules/x-os/boot.nix

@@ -3,40 +3,19 @@
 let
   cfg = config.pub-solar.x-os;
 in
-with lib; {
-  options = {
-    pub-solar.x-os.keyfile = mkOption {
-      type = types.str;
-      description = "Keyfile location";
-    };
-  };
-
+{
   config = {
     # Enable plymouth for better experience of booting
     boot.plymouth.enable = true;
 
-    # Use Keyfile to unlock the root partition to avoid keying in twice.
+    # Mount / luks device in initrd
     # Allow fstrim to work on it.
     boot.initrd = {
-      secrets = { "/keyfile.bin" = cfg.keyfile; };
       luks.devices."cryptroot" = {
-        keyFile = "/keyfile.bin";
         allowDiscards = true;
-        fallbackToPassword = true;
       };
     };
 
-    # Use GRUB with encrypted /boot under EFI env.
-    boot.loader = {
-      efi.efiSysMountPoint = "/boot/efi";
-
-      grub = {
-        enable = true;
-        version = 2;
-        device = "nodev";
-        efiSupport = true;
-        enableCryptodisk = true;
-      };
-    };
+    boot.loader.systemd-boot.enable = true;
   };
 }