diff --git a/hosts/by-name/moby/kernel.nix b/hosts/by-name/moby/kernel.nix
index c3bd92af..e8454382 100644
--- a/hosts/by-name/moby/kernel.nix
+++ b/hosts/by-name/moby/kernel.nix
@@ -267,7 +267,5 @@ in
     "lima.sched_timeout_ms=2000"
   ];
 
-  # services.xserver.displayManager.job.preStart = ensureHWReady;
-  # systemd.services.greetd.preStart = ensureHWReady;
   systemd.services.unl0kr.preStart = ensureHWReady;
 }
diff --git a/hosts/common/ids.nix b/hosts/common/ids.nix
index 3a8b9c81..8af1fbcb 100644
--- a/hosts/common/ids.nix
+++ b/hosts/common/ids.nix
@@ -18,7 +18,7 @@
   sane.ids.matrix-appservice-irc.uid = 993;
   sane.ids.matrix-appservice-irc.gid = 992;
 
-  # greetd (used by sway)
+  # greetd (legacy)
   sane.ids.greeter.uid = 999;
   sane.ids.greeter.gid = 999;
 
diff --git a/hosts/common/users/default.nix b/hosts/common/users/default.nix
index 73ea82b9..e4e2f564 100644
--- a/hosts/common/users/default.nix
+++ b/hosts/common/users/default.nix
@@ -51,12 +51,6 @@ in
   sane.fs."/etc/shadow".symlink.target = "/var/lib/etc_secrets/shadow";
 
   # pam.d ordering (auth section only):
-  # /etc/pam.d/greetd:
-  #   auth optional pam_unix.so likeauth nullok # unix-early (order 11600)
-  #   auth optional /nix/store/051v0pwqfy1z7ld6087y99fdrv12113n-pam_mount-2.20/lib/security/pam_mount.so disable_interactive # mount (order 12000)
-  #   auth optional /nix/store/82zqzh7i88pxybcf48zapnz4v0jf19nm-gnome-keyring-42.1/lib/security/pam_gnome_keyring.so # gnome_keyring (order 12200)
-  #   auth sufficient pam_unix.so likeauth nullok try_first_pass # unix (order 12800)
-  #   auth required pam_deny.so # deny (order 13600)
   # /etc/pam.d/login:
   #   auth optional pam_unix.so likeauth nullok # unix-early (order 11600)
   #   auth optional /nix/store/051v0pwqfy1z7ld6087y99fdrv12113n-pam_mount-2.20/lib/security/pam_mount.so disable_interactive # mount (order 12000)
@@ -104,15 +98,6 @@ in
   # - pam_cap bug, and fix: <https://bugzilla.kernel.org/show_bug.cgi?id=212945#c5>
   # - may need to use keepcaps + defer: <https://bugzilla.kernel.org/show_bug.cgi?id=214377#c3>
 
-  # security.pam.services.greetd.rules = {
-  #   # 2024/01/28: greetd seems to get its caps from systemd (pid1), no matter what i do.
-  #   auth.pam_cap = {
-  #     order = 12700;
-  #     control = "optional";
-  #     modulePath = "${libcapForPam.pam}/lib/security/pam_cap.so";
-  #     args = [ "keepcaps" "defer" "debug" ];  #< doesn't take effect
-  #   };
-  # };
   security.pam.services.login.rules = {
     # keepcaps + defer WORKS
     auth.pam_cap = {
diff --git a/hosts/modules/gui/default.nix b/hosts/modules/gui/default.nix
index 0b453051..8a4521d2 100644
--- a/hosts/modules/gui/default.nix
+++ b/hosts/modules/gui/default.nix
@@ -7,7 +7,6 @@ let
 in
 {
   imports = [
-    ./greetd.nix
     ./gtk.nix
     ./theme
   ];
diff --git a/hosts/modules/gui/greetd.nix b/hosts/modules/gui/greetd.nix
deleted file mode 100644
index d2af8799..00000000
--- a/hosts/modules/gui/greetd.nix
+++ /dev/null
@@ -1,128 +0,0 @@
-# greetd source/docs:
-# - <https://git.sr.ht/~kennylevinsen/greetd>
-{ config, lib, pkgs, ... }:
-
-let
-  systemd-cat = "${pkgs.systemd}/bin/systemd-cat";
-  runWithLogger = identifier: cmd: pkgs.writeShellScriptBin identifier ''
-    echo "launching ${identifier}..." | ${systemd-cat} --identifier=${identifier}
-    ${cmd} 2>&1 | ${systemd-cat} --identifier=${identifier}
-  '';
-  cfg = config.sane.gui.greetd;
-in
-{
-  options = with lib; {
-    sane.gui.greetd.enable = mkOption {
-      default = false;
-      type = types.bool;
-    };
-    sane.gui.greetd.session.command = mkOption {
-      type = types.str;
-      description = ''
-        name to use for the default session in syslog.
-      '';
-    };
-    sane.gui.greetd.session.name = mkOption {
-      default = "greetd-session";
-      type = types.str;
-      description = "name of session to use in logger";
-    };
-    sane.gui.greetd.session.user = mkOption {
-      default = null;
-      type = types.nullOr types.str;
-    };
-
-    # helpers for common things to layer on top of greetd
-    sane.gui.greetd.sway.enable = mkOption {
-      default = false;
-      type = types.bool;
-      description = ''
-        use sway as a wayland compositor in which to host a graphical greeter like gtkgreet, phog, etc.
-      '';
-    };
-    sane.gui.greetd.sway.greeterCmd = mkOption {
-      type = types.nullOr types.str;
-      default = null;
-      description = ''
-        command for sway to `exec` that provides the actual graphical greeter.
-      '';
-    };
-    sane.gui.greetd.sway.gtkgreet.enable = mkOption {
-      default = false;
-      type = types.bool;
-      description = ''
-        have sway launch gtkgreet instead of directly presenting a desktop.
-      '';
-    };
-    sane.gui.greetd.sway.gtkgreet.session.command = mkOption {
-      type = types.str;
-      description = ''
-        command for gtkgreet to execute on successful authentication.
-      '';
-    };
-    sane.gui.greetd.sway.gtkgreet.session.name = mkOption {
-      type = types.str;
-      description = ''
-        name to use for the default session in syslog and in the gtkgreet menu.
-        note that this `sessionName` will become a binary on the user's PATH.
-      '';
-    };
-    sane.gui.greetd.sway.gtkgreet.session.user = mkOption {
-      type = types.str;
-      default = "colin";
-      description = ''
-        name of user which one expects to login as.
-      '';
-    };
-  };
-
-  config = lib.mkIf cfg.enable (lib.mkMerge [
-    (lib.mkIf cfg.sway.enable {
-      sane.gui.greetd.session = if cfg.sway.greeterCmd != null then {
-        name = "sway-as-greeter";
-        command = let
-          swayAsGreeterConfig = pkgs.writeText "sway-as-greeter-config" ''
-            exec ${cfg.sway.greeterCmd}
-          '';
-        in "${pkgs.sway}/bin/sway --debug --config ${swayAsGreeterConfig}";
-      } else {
-        name = "sway";
-        user = lib.mkDefault "colin";
-        command = "${pkgs.sway}/bin/sway --debug";
-      };
-    })
-    (lib.mkIf cfg.sway.gtkgreet.enable (
-      let
-        inherit (cfg.sway.gtkgreet) session;
-        sessionProvider = runWithLogger session.name session.command;
-      in {
-        # gtkgreet shows the --command argument in the UI
-        # - so we want it to look nice (not a /nix/store/... path)
-        # - to do that we put it in the user's PATH.
-        sane.gui.greetd.sway.greeterCmd = "${pkgs.greetd.gtkgreet}/bin/gtkgreet --layer-shell --command ${session.name}";
-        users.users.${session.user}.packages = [ sessionProvider ];
-      }
-    ))
-
-    {
-      services.greetd = {
-        enable = true;
-
-        # i could have gtkgreet launch the session directly: but stdout/stderr gets dropped
-        # settings.default_session.command = cfg.session.command;
-
-        # wrapper to launch with stdout/stderr redirected to system journal.
-        settings.default_session.command = let
-          launchWithLogger = runWithLogger cfg.session.name cfg.session.command;
-        in "${launchWithLogger}/bin/${cfg.session.name}";
-      };
-
-      # persisting fontconfig & mesa_shader_cache improves start time by ~5x
-      users.users.greeter.home = "/var/lib/greeter";
-      sane.persist.sys.byStore.plaintext = [
-        { user = "greeter"; group = "greeter"; path = "/var/lib/greeter/.cache/fontconfig"; }
-        { user = "greeter"; group = "greeter"; path = "/var/lib/greeter/.cache/mesa_shader_cache"; }
-      ];
-    }
-  ]);
-}