From c35a38f8348292fa135949738e147c886e3da585 Mon Sep 17 00:00:00 2001
From: teutat3s
Date: Sun, 24 Oct 2021 01:18:33 +0200
Subject: [PATCH] x-os: prepare booting from unencrypted /boot partition
---
 modules/x-os/boot.nix | 27 +++------------------------
 1 file changed, 3 insertions(+), 24 deletions(-)
diff --git a/modules/x-os/boot.nix b/modules/x-os/boot.nix
index 5068590e..51cd5b4b 100644
--- a/modules/x-os/boot.nix
+++ b/modules/x-os/boot.nix
@@ -3,40 +3,19 @@ let
 cfg = config.pub-solar.x-os;
 in
-with lib; {
- options = {
- pub-solar.x-os.keyfile = mkOption {
- type = types.str;
- description = "Keyfile location";
- };
- };
-
+{
 config = {
 # Enable plymouth for better experience of booting
 boot.plymouth.enable = true;
- # Use Keyfile to unlock the root partition to avoid keying in twice.
+ # Mount / luks device in initrd
 # Allow fstrim to work on it.
 boot.initrd = {
- secrets = { "/keyfile.bin" = cfg.keyfile; };
 luks.devices."cryptroot" = {
- keyFile = "/keyfile.bin";
 allowDiscards = true;
- fallbackToPassword = true;
 };
 };
- # Use GRUB with encrypted /boot under EFI env.
- boot.loader = {
- efi.efiSysMountPoint = "/boot/efi";
-
- grub = {
- enable = true;
- version = 2;
- device = "nodev";
- efiSupport = true;
- enableCryptodisk = true;
- };
- };
+ boot.loader.systemd-boot.enable = true;
 };
 }
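Review bot: The new `boot.loader.systemd-boot.enable = true;` line puts the kernel and initrd on an unencrypted partition, and nothing in this module documents that they can now be read and modified offline by anyone with access to the disk. Dropping `boot.initrd.secrets` in the same hunk is what keeps the LUKS keyfile out of that readable initrd, so I would record the constraint next to the loader line, e.g. `# /boot is unencrypted: never add boot.initrd.secrets here; initrd integrity depends on firmware-level protection such as Secure Boot`. The keyfile presumably still occupies a LUKS keyslot on already-installed hosts; if so, removing that slot belongs in the migration notes. Separately, `cfg` in the `let` block looks unused once `cfg.keyfile` is gone, and host configs that still set `pub-solar.x-os.keyfile` will fail evaluation unless the option is retired with `mkRemovedOptionModule`.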