From 5775bc88d6943296a312d6ae2c373672d6f209b6 Mon Sep 17 00:00:00 2001
From: "Lennart J. Kurzweg (Nx2)"
Date: Tue, 10 Jun 2025 19:30:01 +0200
Subject: [PATCH] lanazboote fix
---
 flake.nix | 2 +-
 system-modules/boot.nix | 52 ++--------------------------------------------
 2 files changed, 3 insertions(+), 51 deletions(-)
diff --git a/flake.nix b/flake.nix
index 5f06978..c9fe5b7 100644
--- a/flake.nix
+++ b/flake.nix
@@ -12,7 +12,7 @@ nix-on-droid = { url = "github:nix-community/nix-on-droid/release-24.05"; inputs.nixpkgs.follows = "nixpkgs"; };
 sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; };
- lanzaboote = { url = "github:nix-community/lanzaboote/v0.3.0"; };
+ lanzaboote = { url = "github:nix-community/lanzaboote/v0.4.2"; };
 hyprland = { url = "git+https://github.com/hyprwm/Hyprland?submodules=1"; };
 hyprland-plugins = { url = "github:hyprwm/hyprland-plugins"; inputs.hyprland.follows = "hyprland"; };
diff --git a/system-modules/boot.nix b/system-modules/boot.nix
index 6c8251b..0bbf8e9 100644
--- a/system-modules/boot.nix
+++ b/system-modules/boot.nix
@@ -17,62 +17,14 @@ in environment.systemPackages = with pkgs; [ sbctl ];
 boot = {
- lanzaboote = let
- windows-efi-shell-fs-alias = "HD0a65535a2";
- in {
+ lanzaboote = {
 enable = true;
- pkiBundle = "/etc/secureboot";
- package = pkgs.lib.mkForce (pkgs.writeShellApplication {
- name = "lzbt";
- runtimeInputs = [
- inputs.lanzaboote.packages.x86_64-linux.tool
- pkgs.coreutils
- pkgs.sbctl
- ];
- # https://forum.endeavouros.com/t/tutorial-add-a-systemd-boot-loader-menu-entry-for-a-windows-installation-using-a-separate-esp-partition/37431
- text = /*bash*/ ''
- # execute normal lanazboote functionality
- lzbt "$@"
-
- # Create windows.nsh file
- ESP='${config.boot.loader.efi.efiSysMountPoint}'
- echo "${windows-efi-shell-fs-alias}:EFI\Microsoft\Boot\Bootmgfw.efi" > "$ESP/windows.nsh"
-
- # cp efi-shell boot file
- # systemd-boot will automatically add an entry for it
- cp -f '${pkgs.edk2-uefi-shell.efi}' "$ESP/shellx64.efi"
- # should exist already
- mkdir -p "$ESP/loader/entries"
- # sign shell file
- sbctl sign -s "$ESP/shellx64.efi"
- # Create windows.conf boot entry
- cat << EOF > "$ESP/loader/entries/windows.conf"
- title Windows-Hack
- efi /shellx64.efi
- options -nointerrupt -noconsolein -noconsoleout windows.nsh
- EOF
- '';
- });
+ pkiBundle = "/var/lib/sbctl";
 };
 loader.systemd-boot = {
 enable = false; # let lanzaboote install systemd-boot
 consoleMode = "max";
 configurationLimit = 10;
- # extraEntries = {
- # "Windo7s-11.conf" = ''
- # Windows eleven
- # search --file --no-floppy --set=root /EFI/Microsoft/Boot/bootmgfw.efi
- # chainloader (''${root})/EFI/Microsoft/Boot/bootmgfw.efi
- # '';
- # "Firmware.conf" = ''
- # Firmware
- # fwsetup
- # '';
- # "Shutdown.conf" = ''
- # title Shutdown
- # halt
- # '';
- # };
 };
 kernelPackages = pkgs.linuxPackages_zen;
 extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
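Review bot: Removing the `lzbt` wrapper stops the Windows entry from being regenerated, but nothing in this hunk cleans up what earlier activations wrote to the ESP: `shellx64.efi`, `windows.nsh` and `loader/entries/windows.conf`. The shell binary was signed with the machine's own Secure Boot key through `sbctl sign -s`, so unless lanzaboote's own cleanup happens to cover these paths (not visible here), a signed UEFI shell remains selectable at boot and weakens what Secure Boot is meant to enforce. These files should be deleted once by hand, and the shell dropped from sbctl's saved file list, because `-s` records it for later re-signing. The new `pkiBundle = "/var/lib/sbctl";` also presumes the keys have been moved out of `/etc/secureboot`; a comment on that line such as `# sbctl key store; migrate keys from /etc/secureboot before the first rebuild` would make the dependency explicit. The enclosing `boot = { … }` block continues past the end of the hunk.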