From 755450e72efeeb2606589c36a13995c5dfb8c91c Mon Sep 17 00:00:00 2001
From: Kyle Isom <kyle@imap.cc>
Date: Fri, 3 Apr 2026 01:00:19 -0700
Subject: [PATCH] fix orion: remove bogus "crypted" LUKS device reference

The FIDO2 crypttab options are already on the correct UUID-named device
in hardware-configuration.nix; the "crypted" name only applies to
disko-provisioned hosts (rift).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 hw/orion/default.nix | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/hw/orion/default.nix b/hw/orion/default.nix
index 8b56261..1abcaa3 100644
--- a/hw/orion/default.nix
+++ b/hw/orion/default.nix
@@ -10,12 +10,6 @@
   ];
 
   config = {
-    # FIDO2 LUKS unlock (matches vade setup)
-    boot.initrd.luks.devices."crypted".crypttabExtraOpts = [
-      "fido2-device=auto"
-      "token-timeout=10"
-    ];
-
     # Allow rootless containers (Podman) to bind port 53 for CoreDNS (MCNS precursor).
     boot.kernel.sysctl."net.ipv4.ip_unprivileged_port_start" = 53;