feat: cleanup, secure boot for framework

nixos/profiles/bootable/grub.nix

@@ -1,8 +1,9 @@
-_: {
-  boot.loader = {
+{config, lib, ... }: let
+    inherit (lib.modules) mkIf;
+ in {
+  boot.loader = mkIf (config.boot.loader.grub.enable) {
     timeout = null;
     grub = {
-      enable = false;
       useOSProber = true;
       splashImage = ./splash.jpg;
       extraConfig = ''

nixos/profiles/bootable/zfs.nix

@@ -1,14 +0,0 @@
-{
-  std,
-  config,
-  lib,
-  ...
-}: let
-  inherit (std) list;
-  inherit (lib.modules) mkDefault mkIf;
-in {
-  boot = mkIf (list.elem "zfs" config.boot.supportedFilesystems) {
-    kernelPackages = mkDefault config.boot.zfs.package.latestCompatibleLinuxPackages;
-    zfs.enableUnstable = true;
-  };
-}

nixos/profiles/uefi.nix

@@ -0,0 +1,13 @@
+_: {
+  boot.loader = {
+    grub = {
+      devices = ["nodev"];
+      efiSupport = true;
+      gfxmodeEfi = "1920x1080";
+    };
+    efi = {
+      canTouchEfiVariables = true;
+      efiSysMountPoint = "/boot";
+    };
+  };
+}

nixos/profiles/wireless/wifi.nix

@@ -12,6 +12,7 @@ in {
   networking = {
     networkmanager = {
       enable = true;
+      wifi.backend = "iwd";
       connectionConfig = {
         "ipv6.ip6-privacy" = mkForce 0;
       };