feat: merge bootloader related features

hosts/fw16/configuration.nix

@@ -10,16 +10,13 @@
     inputs.nixos-hardware.nixosModules.framework-16-amd-ai-300-series
   ];
 
-  features.bootloader.plymouth.enable = true;
+  features.bootloader.resumeDevice = "/dev/mapper/vg0-swap";
   features.desktop.bluetooth.enable = true;
   features.gnupg.yubikey.enable = true;
   features.udev = {
     ledger.enable = true;
     keyboard-zsa.enable = true;
   };
-  features.power.resumeDevice = "/dev/disk/by-uuid/ff4750e7-3a9f-42c2-bb68-c458a6560540";
-
-  boot.kernelParams = [ "pcie_aspm.policy=powersupersave" ];
 
   programs.nix-ld.libraries = options.programs.nix-ld.libraries.default;
 

hosts/fw16/hardware-configuration.nix

@@ -37,10 +37,7 @@
   fileSystems."/boot" = {
     device = "/dev/disk/by-uuid/42D9-FAFD";
     fsType = "vfat";
-    options = [
-      "fmask=0022"
-      "dmask=0022"
-    ];
+    options = [ "umask=0077" ];
   };
 
   swapDevices = [

hosts/tower/configuration.nix

@@ -8,7 +8,11 @@
   features.nix-settings.towerCache.enable = false;
   features.bootloader = {
     mode = "lanzaboote";
-    plymouth.enable = true;
+    initrdSsh = {
+      enable = true;
+      networkModule = "r8169";
+      authorizedKeys = userKeys.sshAuthorizedKeys;
+    };
   };
   features.desktop.bluetooth.enable = true;
   features.gnupg.yubikey.enable = true;
@@ -16,17 +20,14 @@
     ledger.enable = true;
     keyboard-zsa.enable = true;
   };
-  features.initrd-ssh = {
-    networkModule = "r8169";
-    authorizedKeys = userKeys.sshAuthorizedKeys;
-  };
 
   # nix store signing
   sops.secrets.nix-signing-key.sopsFile = ../../secrets/tower.yaml;
   nix.settings.secret-key-files = [ config.sops.secrets.nix-signing-key.path ];
 
   boot.kernelParams = [ "btusb.reset=1" ];
-  # early kms so plymouth lands on amdgpu, not simpledrm
+  # pairs with bootloader's simpledrm initcall blacklist: amdgpu owns fbcon
+  # from the start, no driver-swap mode-set
   hardware.amdgpu.initrd.enable = true;
 
   services.udisks2.enable = true;