unexplrd/nixos-blueprint
2
2
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add lanzaboote

Browse Source 
Signed-off-by: unexplrd <unexplrd@linerds.us>
This commit is contained in:
unexplrd
2025-03-28 16:13:37 +02:00
parent 852c5b0655
commit 897a472d60
3 changed files with 177 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

173
flake.lock generated
View File

@ -164,6 +164,21 @@
"type": "github"
}
},
"crane": {
"locked": {
"lastModified": 1731098351,
"narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=",
"owner": "ipetkov",
"repo": "crane",
"rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
@ -240,6 +255,22 @@
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
@ -255,6 +286,27 @@
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1730504689,
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "506278e768c2a08bec68eb62932193e341f55c90",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"stylix",
@ -384,7 +436,7 @@
"stylix",
"flake-compat"
],
"gitignore": "gitignore_2",
"gitignore": "gitignore_3",
"nixpkgs": [
"stylix",
"nixpkgs"
@ -427,6 +479,28 @@
}
},
"gitignore_2": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"pre-commit-hooks-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gitignore_3": {
"inputs": {
"nixpkgs": [
"stylix",
@ -865,6 +939,32 @@
"type": "github"
}
},
"lanzaboote": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts",
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1737639419,
"narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "a65905a09e2c43ff63be8c0e86a93712361f871e",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "v0.4.2",
"repo": "lanzaboote",
"type": "github"
}
},
"lix": {
"inputs": {
"flake-utils": "flake-utils",
@ -990,6 +1090,22 @@
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1730741070,
"narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1742889210,
@ -1040,7 +1156,7 @@
},
"nur": {
"inputs": {
"flake-parts": "flake-parts",
"flake-parts": "flake-parts_2",
"nixpkgs": [
"stylix",
"nixpkgs"
@ -1084,6 +1200,33 @@
"type": "github"
}
},
"pre-commit-hooks-nix": {
"inputs": {
"flake-compat": [
"lanzaboote",
"flake-compat"
],
"gitignore": "gitignore_2",
"nixpkgs": [
"lanzaboote",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1731363552,
"narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": {
"inputs": {
"blueprint": "blueprint",
@ -1093,6 +1236,7 @@
"home-manager": "home-manager_2",
"hyprland": "hyprland",
"hyprsunset": "hyprsunset",
"lanzaboote": "lanzaboote",
"lix": "lix",
"mysecrets": "mysecrets",
"nix-flatpak": "nix-flatpak",
@ -1121,6 +1265,27 @@
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1731897198,
"narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "0be641045af6d8666c11c2c40e45ffc9667839b5",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_2": {
"inputs": {
"nixpkgs": "nixpkgs_4"
},
@ -1165,7 +1330,7 @@
"base16-helix": "base16-helix",
"base16-vim": "base16-vim",
"firefox-gnome-theme": "firefox-gnome-theme",
"flake-compat": "flake-compat_2",
"flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_2",
"git-hooks": "git-hooks",
"gnome-shell": "gnome-shell",
@ -1393,7 +1558,7 @@
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay"
"rust-overlay": "rust-overlay_2"
},
"locked": {
"lastModified": 1742996487,

2
flake.nix
View File

@ -9,6 +9,7 @@
home-manager.url = "github:nix-community/home-manager";
hyprland.url = "github:hyprwm/Hyprland";
hyprsunset.url = "github:hyprwm/hyprsunset";
lanzaboote.url = "github:nix-community/lanzaboote/v0.4.2";
lix.url = "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0-2.tar.gz";
mysecrets.url = "git+ssh://gitea@gitea.linerds.us/unexplrd/nix-secrets";
# neve.url = "git+https://gitea.linerds.us/unexplrd/Neve";
@ -29,6 +30,7 @@
hyprsunset.inputs.hyprland-protocols.follows = "hyprland/hyprland-protocols";
hyprsunset.inputs.hyprutils.follows = "hyprland/hyprutils";
hyprsunset.inputs.nixpkgs.follows = "nixpkgs";
lanzaboote.inputs.nixpkgs.follows = "nixpkgs";
lix.inputs.nixpkgs.follows = "nixpkgs";
mysecrets.flake = false;
# neve.inputs.nixvim.follows = "nixvim";

7
hosts/eldrid/configuration.nix
View File

@ -7,6 +7,7 @@
}: {
imports = with inputs; [
chaotic.nixosModules.default
lanzaboote.nixosModules.lanzaboote
lix.nixosModules.default
self.nixosModules.desktop
self.nixosModules.system
@ -61,9 +62,13 @@
plymouth.enable = true;
loader.efi.canTouchEfiVariables = true;
loader.systemd-boot = {
enable = true;
enable = !config.boot.lanzaboote.enable;
consoleMode = "auto";
};
lanzaboote = {
enable = true;
pkiBundle = "/var/lib/sbctl";
};
};
console = {