diff --git a/flake.lock b/flake.lock index 7b065bd..77c4b8f 100644 --- a/flake.lock +++ b/flake.lock @@ -84,6 +84,21 @@ "type": "github" } }, + "crane": { + "locked": { + "lastModified": 1731098351, + "narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=", + "owner": "ipetkov", + "repo": "crane", + "rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, "firefox-gnome-theme": { "flake": false, "locked": { @@ -101,6 +116,22 @@ } }, "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { "locked": { "lastModified": 1733328505, "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", @@ -116,6 +147,27 @@ } }, "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1730504689, + "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { "inputs": { "nixpkgs-lib": [ "stylix", @@ -180,7 +232,7 @@ "stylix", "flake-compat" ], - "gitignore": "gitignore", + "gitignore": "gitignore_2", "nixpkgs": [ "stylix", "nixpkgs" @@ -201,6 +253,28 @@ } }, "gitignore": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "pre-commit-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_2": { "inputs": { "nixpkgs": [ "stylix", @@ -246,11 +320,11 @@ ] }, "locked": { - "lastModified": 1747184352, - "narHash": "sha256-GBZulv50wztp5cgc405t1uOkxQYhSkMqeKLI+iSrlpk=", + "lastModified": 1747367409, + "narHash": "sha256-JUcfcXCsoerQNQDhujj6LNBI/9LOkjUrLNR0tjcU0Gc=", "owner": "nix-community", "repo": "home-manager", - "rev": "7c1cefb98369cc85440642fdccc1c1394ca6dd2c", + "rev": "a1a72d18ee75ce4559b5f59296a7b2d37f608c1c", "type": "github" }, "original": { @@ -267,11 +341,11 @@ ] }, "locked": { - "lastModified": 1747021744, - "narHash": "sha256-IDsM/9/tHQBlhG3tXI2fTM84AUN1uRa7JDPT1LMlGes=", + "lastModified": 1747279714, + "narHash": "sha256-UdxlE8yyrKiGq3bgGyJ78AdFwh+fuRAruKtyFY5Zq5I=", "owner": "nix-community", "repo": "home-manager", - "rev": "fb061f555f821fe4fb49f8f6f2a0cc3d5728bd52", + "rev": "954615c510c9faa3ee7fb6607ff72e55905e69f2", "type": "github" }, "original": { @@ -280,6 +354,30 @@ "type": "github" } }, + "lanzaboote": { + "inputs": { + "crane": "crane", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", + "nixpkgs": "nixpkgs", + "pre-commit-hooks-nix": "pre-commit-hooks-nix", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1737639419, + "narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=", + "owner": "nix-community", + "repo": "lanzaboote", + "rev": "a65905a09e2c43ff63be8c0e86a93712361f871e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "v0.4.2", + "repo": "lanzaboote", + "type": "github" + } + }, "nixCats": { "locked": { "lastModified": 1741608660, @@ -297,11 +395,43 @@ }, "nixpkgs": { "locked": { - "lastModified": 1746904237, - "narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=", + "lastModified": 1731919951, + "narHash": "sha256-vOM6ETpl1yu9KLi/icTmLJIPbbdJCdAVYUXZceO/Ce4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "04386ac325a813047fc314d4b4d838a5b1e3c7fe", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1730741070, + "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1747179050, + "narHash": "sha256-qhFMmDkeJX9KJwr5H32f1r7Prs7XbQWtO0h3V0a0rFY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956", + "rev": "adaa24fbf46737f3f1b5497bf64bae750f82942e", "type": "github" }, "original": { @@ -311,7 +441,7 @@ "type": "github" } }, - "nixpkgs_2": { + "nixpkgs_3": { "locked": { "lastModified": 1741462378, "narHash": "sha256-ZF3YOjq+vTcH51S+qWa1oGA9FgmdJ67nTNPG2OIlXDc=", @@ -330,7 +460,7 @@ "nixvim": { "inputs": { "nixCats": "nixCats", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "plugins-blink-ripgrep": "plugins-blink-ripgrep", "plugins-pomo-nvim": "plugins-pomo-nvim" }, @@ -350,7 +480,7 @@ }, "nur": { "inputs": { - "flake-parts": "flake-parts", + "flake-parts": "flake-parts_2", "nixpkgs": [ "stylix", "nixpkgs" @@ -403,10 +533,38 @@ "type": "github" } }, + "pre-commit-hooks-nix": { + "inputs": { + "flake-compat": [ + "lanzaboote", + "flake-compat" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1731363552, + "narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, "root": { "inputs": { "home-manager": "home-manager", - "nixpkgs": "nixpkgs", + "lanzaboote": "lanzaboote", + "nixpkgs": "nixpkgs_2", "nixvim": "nixvim", "spicetify": "spicetify", "stylix": "stylix", @@ -415,6 +573,27 @@ "zen": "zen" } }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1731897198, + "narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "0be641045af6d8666c11c2c40e45ffc9667839b5", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "spicetify": { "inputs": { "nixpkgs": [ @@ -423,11 +602,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1746937129, - "narHash": "sha256-Dx/YpnRridWnxF0Xpz9FUP3kl/m2QAOM2BM3KNls3sk=", + "lastModified": 1747355848, + "narHash": "sha256-WpOTfGuObhpaI38+uHgaOwnMAjHMrdLrfs6D35fKwjk=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "8f1c5c34cf5f99e1d7197d6d9fa7dd44f00966f0", + "rev": "a2bc0d49449fc61ca2eb364d6189179059394483", "type": "github" }, "original": { @@ -443,7 +622,7 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "flake-utils": "flake-utils", "git-hooks": "git-hooks", "gnome-shell": "gnome-shell", @@ -460,11 +639,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1747170169, - "narHash": "sha256-LRP/8RejiA1IkdN7WEcmEMQC+FSoqyvZ5UYfU12JjiI=", + "lastModified": 1747365543, + "narHash": "sha256-r5HRe9CRFe6qvy7KLkTX9WySTqkNmvlobTR8g5AHLHA=", "owner": "danth", "repo": "stylix", - "rev": "1466793570f22c56fc9f606151bcb306fcaa3551", + "rev": "7566bc015064ed3eb50b436f2225ddab06132beb", "type": "github" }, "original": { @@ -648,11 +827,11 @@ ] }, "locked": { - "lastModified": 1746763614, - "narHash": "sha256-tfBsztz6aUcfIFK8Sewn44mkMXZs8rRQfmHBjVhkUBM=", + "lastModified": 1747282003, + "narHash": "sha256-UlCfXNncIYwUvPxHngoH6pY4fiZlU8Z2Ve/gUEn6h+o=", "owner": "youwen5", "repo": "zen-browser-flake", - "rev": "154aa27229783bca87c3ea3ac4ef32ab9b99cdb6", + "rev": "952ca99903f19a7096a3709f2938d9c7840a5f91", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index f872b89..b1e7db5 100644 --- a/flake.nix +++ b/flake.nix @@ -29,12 +29,16 @@ url = "github:kaitotlex/wallpaper"; flake = false; }; + lanzaboote = { + url = "github:nix-community/lanzaboote/v0.4.2"; + }; }; outputs = { nixpkgs, home-manager, + lanzaboote, ... }@inputs: { @@ -69,7 +73,29 @@ system = "x86_64-linux"; modules = [ ./hosts/shiroko + lanzaboote.nixosModules.lanzaboote + ( + { pkgs, lib, ... }: + { + + environment.systemPackages = [ + # For debugging and troubleshooting Secure Boot. + pkgs.sbctl + ]; + + # Lanzaboote currently replaces the systemd-boot module. + # This setting is usually set to true in configuration.nix + # generated at installation time. So we force it to false + # for now. + boot.loader.systemd-boot.enable = lib.mkForce false; + + boot.lanzaboote = { + enable = true; + pkiBundle = "/var/lib/sbctl"; + }; + } + ) home-manager.nixosModules.home-manager { home-manager = {