youthlic/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

machine(Tytonidae): Enable secure boot

Browse source
This commit is contained in:
ulic-youthlic 2025-07-21 20:06:01 +08:00
parent 2300f302af
commit 92ec57e83f
Signed by: youthlic
GPG key ID: 63E86C3C14A0D721
3 changed files with 243 additions and 48 deletions
Download patch file Download diff file Expand all files Collapse all files

271
flake.lock generated
View file

@ -101,7 +101,7 @@
"nur-ataraxiasjel",
"devenv"
],
"nixpkgs": "nixpkgs_6"
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1744206633,
@ -140,6 +140,21 @@
"type": "github"
}
},
"crane": {
"locked": {
"lastModified": 1731098351,
"narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=",
"owner": "ipetkov",
"repo": "crane",
"rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"dae": {
"inputs": {
"flake-parts": [
@ -190,10 +205,10 @@
"devenv": {
"inputs": {
"cachix": "cachix",
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat_4",
"git-hooks": "git-hooks",
"nix": "nix",
"nixpkgs": "nixpkgs_8"
"nixpkgs": "nixpkgs_9"
},
"locked": {
"lastModified": 1748273445,
@ -274,6 +289,22 @@
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1746162366,
@ -289,7 +320,7 @@
"type": "github"
}
},
"flake-compat_3": {
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1733328505,
@ -324,6 +355,27 @@
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1730504689,
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "506278e768c2a08bec68eb62932193e341f55c90",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": [
"nixvim",
@ -344,7 +396,7 @@
"type": "github"
}
},
"flake-parts_3": {
"flake-parts_4": {
"inputs": {
"nixpkgs-lib": [
"nur",
@ -365,7 +417,7 @@
"type": "github"
}
},
"flake-parts_4": {
"flake-parts_5": {
"inputs": {
"nixpkgs-lib": [
"nur-ataraxiasjel",
@ -388,7 +440,7 @@
"type": "github"
}
},
"flake-parts_5": {
"flake-parts_6": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_2"
},
@ -493,7 +545,7 @@
"nur-ataraxiasjel",
"devenv"
],
"gitignore": "gitignore",
"gitignore": "gitignore_2",
"nixpkgs": [
"nur-ataraxiasjel",
"devenv",
@ -515,6 +567,28 @@
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"pre-commit-hooks-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gitignore_2": {
"inputs": {
"nixpkgs": [
"nur-ataraxiasjel",
@ -667,6 +741,30 @@
"type": "github"
}
},
"lanzaboote": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_2",
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
"rust-overlay": "rust-overlay_3"
},
"locked": {
"lastModified": 1737639419,
"narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "a65905a09e2c43ff63be8c0e86a93712361f871e",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "v0.4.2",
"repo": "lanzaboote",
"type": "github"
}
},
"libgit2": {
"flake": false,
"locked": {
@ -730,7 +828,7 @@
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable",
"nixpkgs-stable": "nixpkgs-stable_2",
"xwayland-satellite-stable": "xwayland-satellite-stable",
"xwayland-satellite-unstable": "xwayland-satellite-unstable"
},
@ -787,9 +885,9 @@
"nur-ataraxiasjel",
"devenv"
],
"flake-parts": "flake-parts_4",
"flake-parts": "flake-parts_5",
"libgit2": "libgit2",
"nixpkgs": "nixpkgs_7",
"nixpkgs": "nixpkgs_8",
"nixpkgs-23-11": [
"nur-ataraxiasjel",
"devenv"
@ -843,10 +941,10 @@
},
"nixos-cosmic": {
"inputs": {
"flake-compat": "flake-compat_2",
"nixpkgs": "nixpkgs_2",
"nixpkgs-stable": "nixpkgs-stable_2",
"rust-overlay": "rust-overlay_3"
"flake-compat": "flake-compat_3",
"nixpkgs": "nixpkgs_3",
"nixpkgs-stable": "nixpkgs-stable_3",
"rust-overlay": "rust-overlay_4"
},
"locked": {
"lastModified": 1751591814,
@ -925,6 +1023,22 @@
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1730741070,
"narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1752866191,
"narHash": "sha256-NV4S2Lf2hYmZQ3Qf4t/YyyBaJNuxLPyjzvDma0zPp/M=",
@ -940,7 +1054,7 @@
"type": "github"
}
},
"nixpkgs-stable_2": {
"nixpkgs-stable_3": {
"locked": {
"lastModified": 1751048012,
"narHash": "sha256-MYbotu4UjWpTsq01wglhN5xDRfZYLFtNk7SBY0BcjkU=",
@ -957,6 +1071,22 @@
}
},
"nixpkgs_10": {
"locked": {
"lastModified": 1748190013,
"narHash": "sha256-R5HJFflOfsP5FBtk+zE8FpL8uqE7n62jqOsADvVshhE=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "62b852f6c6742134ade1abdd2a21685fd617a291",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_11": {
"locked": {
"lastModified": 1747958103,
"narHash": "sha256-qmmFCrfBwSHoWw7cVK4Aj+fns+c54EBP8cGqp/yK410=",
@ -973,6 +1103,22 @@
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1731919951,
"narHash": "sha256-vOM6ETpl1yu9KLi/icTmLJIPbbdJCdAVYUXZceO/Ce4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "04386ac325a813047fc314d4b4d838a5b1e3c7fe",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1751011381,
"narHash": "sha256-krGXKxvkBhnrSC/kGBmg5MyupUUT5R6IBCLEzx9jhMM=",
@ -988,7 +1134,7 @@
"type": "github"
}
},
"nixpkgs_3": {
"nixpkgs_4": {
"locked": {
"lastModified": 1752950548,
"narHash": "sha256-NS6BLD0lxOrnCiEOcvQCDVPXafX1/ek1dfJHX1nUIzc=",
@ -1004,7 +1150,7 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_5": {
"locked": {
"lastModified": 1752077645,
"narHash": "sha256-HM791ZQtXV93xtCY+ZxG1REzhQenSQO020cu6rHtAPk=",
@ -1020,7 +1166,7 @@
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_6": {
"locked": {
"lastModified": 1752950548,
"narHash": "sha256-NS6BLD0lxOrnCiEOcvQCDVPXafX1/ek1dfJHX1nUIzc=",
@ -1036,7 +1182,7 @@
"type": "github"
}
},
"nixpkgs_6": {
"nixpkgs_7": {
"locked": {
"lastModified": 1733212471,
"narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=",
@ -1052,7 +1198,7 @@
"type": "github"
}
},
"nixpkgs_7": {
"nixpkgs_8": {
"locked": {
"lastModified": 1717432640,
"narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=",
@ -1068,7 +1214,7 @@
"type": "github"
}
},
"nixpkgs_8": {
"nixpkgs_9": {
"locked": {
"lastModified": 1746807397,
"narHash": "sha256-zU2z0jlkJGWLhdNr/8AJSxqK8XD0IlQgHp3VZcP56Aw=",
@ -1084,26 +1230,10 @@
"type": "github"
}
},
"nixpkgs_9": {
"locked": {
"lastModified": 1748190013,
"narHash": "sha256-R5HJFflOfsP5FBtk+zE8FpL8uqE7n62jqOsADvVshhE=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "62b852f6c6742134ade1abdd2a21685fd617a291",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixvim": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_4",
"flake-parts": "flake-parts_3",
"nixpkgs": "nixpkgs_5",
"nuschtosSearch": "nuschtosSearch",
"systems": "systems_3"
},
@ -1123,8 +1253,8 @@
},
"nur": {
"inputs": {
"flake-parts": "flake-parts_3",
"nixpkgs": "nixpkgs_5"
"flake-parts": "flake-parts_4",
"nixpkgs": "nixpkgs_6"
},
"locked": {
"lastModified": 1753043887,
@ -1144,8 +1274,8 @@
"inputs": {
"devenv": "devenv",
"devenv-root": "devenv-root",
"flake-parts": "flake-parts_5",
"nixpkgs": "nixpkgs_9"
"flake-parts": "flake-parts_6",
"nixpkgs": "nixpkgs_10"
},
"locked": {
"lastModified": 1752784378,
@ -1209,6 +1339,33 @@
"type": "github"
}
},
"pre-commit-hooks-nix": {
"inputs": {
"flake-compat": [
"lanzaboote",
"flake-compat"
],
"gitignore": "gitignore",
"nixpkgs": [
"lanzaboote",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1731363552,
"narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": {
"inputs": {
"betterfox-nix": "betterfox-nix",
@ -1220,11 +1377,12 @@
"flake-utils": "flake-utils",
"helix": "helix",
"home-manager": "home-manager_2",
"lanzaboote": "lanzaboote",
"lix-module": "lix-module",
"niri-flake": "niri-flake",
"nixos-cosmic": "nixos-cosmic",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_3",
"nixpkgs": "nixpkgs_4",
"nixvim": "nixvim",
"nur": "nur",
"nur-ataraxiasjel": "nur-ataraxiasjel",
@ -1276,6 +1434,27 @@
}
},
"rust-overlay_3": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1731897198,
"narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "0be641045af6d8666c11c2c40e45ffc9667839b5",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_4": {
"inputs": {
"nixpkgs": [
"nixos-cosmic",
@ -1495,7 +1674,7 @@
},
"treefmt-nix": {
"inputs": {
"nixpkgs": "nixpkgs_10"
"nixpkgs": "nixpkgs_11"
},
"locked": {
"lastModified": 1753006367,

7
flake.nix
View file

@ -194,5 +194,12 @@
owner = "nix-community";
repo = "nixvim";
};
lanzaboote = {
type = "github";
owner = "nix-community";
repo = "lanzaboote";
ref = "v0.4.2";
};
};
}

13
nixos/configurations/Tytonidae/default.nix
View file

@ -17,6 +17,7 @@
++ (with outputs; [
nixosModules.gui
])
++ [inputs.lanzaboote.nixosModules.lanzaboote]
++ (lib.youthlic.loadImports ./.);
youthlic = {
@ -90,6 +91,8 @@
waypipe
wineWow64Packages.waylandFull
iperf3
sbctl
];
environment.variables.EDITOR = "hx";
@ -102,8 +105,14 @@
boot = {
kernelPackages = pkgs.linuxPackages_cachyos;
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
lanzaboote = {
enable = true;
pkiBundle = "/var/lib/sbctl";
};
loader = {
systemd-boot.enable = lib.mkForce false;
efi.canTouchEfiVariables = true;
};
initrd.systemd.enable = true;
};