diff --git a/flake.lock b/flake.lock index 2770b43..d25617a 100644 --- a/flake.lock +++ b/flake.lock 
@@ -1,115 +1,5 @@ { "nodes": { - "crane": { - "inputs": { - "flake-compat": [ - "lanzaboote", - "flake-compat" - ], - "flake-utils": [ - "lanzaboote", - "flake-utils" - ], - "nixpkgs": [ - "lanzaboote", - "nixpkgs" - ], - "rust-overlay": [ - "lanzaboote", - "rust-overlay" - ] - }, - "locked": { - "lastModified": 1681177078, - "narHash": "sha256-ZNIjBDou2GOabcpctiQykEQVkI8BDwk7TyvlWlI4myE=", - "owner": "ipetkov", - "repo": "crane", - "rev": "0c9f468ff00576577d83f5019a66c557ede5acf6", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "lanzaboote", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1680392223, - "narHash": "sha256-n3g7QFr85lDODKt250rkZj2IFS3i4/8HBU2yKHO3tqw=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "dcc36e45d054d7bb554c9cdab69093debd91a0b5", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1681202837, - "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "cfacdce06f30d2b68473a46042957675eebb3401", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "gitignore": { - "inputs": { - "nixpkgs": [ - "lanzaboote", - "pre-commit-hooks-nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1660459072, - "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", 
- "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -117,11 +7,11 @@ ] }, "locked": { - "lastModified": 1692099905, - "narHash": "sha256-/pSusGhmIdSdAaywQRFA5dVbfdIzlWQTecM+E46+cJ0=", + "lastModified": 1687871164, + "narHash": "sha256-bBFlPthuYX322xOlpJvkjUBz0C+MOBjZdDOOJJ+G2jU=", "owner": "nix-community", "repo": "home-manager", - "rev": "2a6679aa9cc3872c29ba2a57fe1b71b3e3c5649f", + "rev": "07c347bb50994691d7b0095f45ebd8838cf6bc38", "type": "github" }, "original": { @@ -131,31 +21,6 @@ "type": "github" } }, - "lanzaboote": { - "inputs": { - "crane": "crane", - "flake-compat": "flake-compat", - "flake-parts": "flake-parts", - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs", - "pre-commit-hooks-nix": "pre-commit-hooks-nix", - "rust-overlay": "rust-overlay" - }, - "locked": { - "lastModified": 1682802423, - "narHash": "sha256-Fb5TeRTdvUlo/5Yi2d+FC8a6KoRLk2h1VE0/peMhWPs=", - "owner": "nix-community", - "repo": "lanzaboote", - "rev": "64b903ca87d18cef2752c19c098af275c6e51d63", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "v0.3.0", - "repo": "lanzaboote", - "type": "github" - } - }, "mysecrets": { "flake": false, "locked": { @@ -174,11 +39,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1691871742, - "narHash": "sha256-6yDNjfbAMpwzWL4y75fxs6beXHRANfYX8BNSPjYehck=", + "lastModified": 1689060619, + "narHash": "sha256-vODUkZLWFVCvo1KPK3dC2CbXjxa9antEn5ozwlcTr48=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "430a56dd16fe583a812b2df44dca002acab2f4f6", + "rev": "44bc025007e5fcc10dbc3d9f96dcbf06fc0e8c1c", "type": "github" }, "original": { 
@@ -190,11 +55,11 @@ }, "nixos-unstable": { "locked": { - "lastModified": 1692174805, - "narHash": "sha256-xmNPFDi/AUMIxwgOH/IVom55Dks34u1g7sFKKebxUm0=", + "lastModified": 1689192006, + "narHash": "sha256-QM0f0d8oPphOTYJebsHioR9+FzJcy1QNIzREyubB91U=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "caac0eb6bdcad0b32cb2522e03e4002c8975c62e", + "rev": "2de8efefb6ce7f5e4e75bdf57376a96555986841", "type": "github" }, "original": { @@ -206,43 +71,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1682741954, - "narHash": "sha256-RPZxzRu8XU0YD2WeYUFYzJy5yAvWUsxkuK+zWw+6WVk=", + "lastModified": 1689209875, + "narHash": "sha256-8AVcBV1DiszaZzHFd5iLc8HSLfxRAuqcU0QdfBEF3Ag=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "373e9eb4c42b2fc0611d794de5ea715a35d72393", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable-small", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1678872516, - "narHash": "sha256-/E1YwtMtFAu2KUQKV/1+KFuReYPANM2Rzehk84VxVoc=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "9b8e5abb18324c7fe9f07cb100c3cd4a29cda8b8", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-22.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1692207601, - "narHash": "sha256-tfPGNKQcJT1cvT6ufqO/7ydYNL6mcJClvzbrzhKjB80=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "b30c68669df77d981ce4aefd6b9d378563f6fc4e", + "rev": "fcc147b1e9358a8386b2c4368bd928e1f63a7df2", "type": "github" }, "original": { @@ -254,11 +87,11 @@ }, "nur": { "locked": { - "lastModified": 1692275917, - "narHash": "sha256-PcUYd0Si3tFsxnT57IfiLy/s5VCPXuUoFK+SvQ7kexI=", + "lastModified": 1689268587, + "narHash": "sha256-f2SCLzz6CfYIX9WN9MDQAz2T1YkI/ycYNwUZb1rpRiE=", "owner": "nix-community", "repo": "NUR", - "rev": "b7fcbcbbdbf2bbbda6965cbcc8f85542c314167c", + "rev": "b628a183586e0de78a9250728eb4acee4fac1818", "type": "github" }, "original": { 
@@ -267,87 +100,15 @@ "type": "github" } }, - "pre-commit-hooks-nix": { - "inputs": { - "flake-compat": [ - "lanzaboote", - "flake-compat" - ], - "flake-utils": [ - "lanzaboote", - "flake-utils" - ], - "gitignore": "gitignore", - "nixpkgs": [ - "lanzaboote", - "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable" - }, - "locked": { - "lastModified": 1681413034, - "narHash": "sha256-/t7OjNQcNkeWeSq/CFLYVBfm+IEnkjoSm9iKvArnUUI=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "d3de8f69ca88fb6f8b09e5b598be5ac98d28ede5", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "type": "github" - } - }, "root": { "inputs": { "home-manager": "home-manager", - "lanzaboote": "lanzaboote", "mysecrets": "mysecrets", "nixos-hardware": "nixos-hardware", "nixos-unstable": "nixos-unstable", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs", "nur": "nur" } - }, - "rust-overlay": { - "inputs": { - "flake-utils": [ - "lanzaboote", - "flake-utils" - ], - "nixpkgs": [ - "lanzaboote", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1682129965, - "narHash": "sha256-1KRPIorEL6pLpJR04FwAqqnt4Tzcm4MqD84yhlD+XSk=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "2c417c0460b788328220120c698630947547ee83", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 56baa6c..f5ff462 100644 --- a/flake.nix +++ b/flake.nix 
@@ -9,12 +9,7 @@ url = "github:nix-community/home-manager/release-23.05"; inputs.nixpkgs.follows = "nixpkgs"; }; - lanzaboote = { - url = "github:nix-community/lanzaboote/v0.3.0"; - # deliberately do _not_ follow the nixpkgs input here, because paranoia and test coverage - }; - - nur.url = "github:nix-community/NUR"; + nur.url = "github:nix-community/NUR"; # TODO: possible make this a flake as well mysecrets = { flake = false; @@ -24,7 +19,7 @@ }; outputs = - { self, nixpkgs, nur, lanzaboote, ... }@inputs: + { self, nixpkgs, nur, ... }@inputs: let system = "x86_64-linux"; pkgs = nixpkgs.legacyPackages.${system}; @@ -33,7 +28,7 @@ nixosConfigurations.thinknix = nixpkgs.lib.nixosSystem { inherit system; - modules = [ ./nixos/configuration.nix lanzaboote.nixosModules.lanzaboote ]; + modules = [ ./nixos/configuration.nix ]; # necessary to make the top-level inputs available to system configuration specialArgs = { #TODO: for system, consider moving to flake-utils diff --git a/home/home.nix b/home/home.nix index 428805e..6b149e3 100644 --- a/home/home.nix +++ b/home/home.nix @@ -25,7 +25,7 @@ let alacritty libreoffice-qt # fresh with KDE integration backintime-common - anki + anki-bin signal-desktop (tor-browser-bundle-bin.override { mediaSupport = true; @@ -38,6 +38,7 @@ let nheko gpx-viewer gpxsee + cawbird subsurface yate # split and merge PDFs in a GUI @@ -45,7 +46,6 @@ let qbittorrent #(pkgs.pidgin-with-plugins.override { # plugins = [ pkgs.pidginotr ];}) - logseq # for Hibiscus banking software diff --git a/nixos/configuration.nix b/nixos/configuration.nix index f6c8c3b..538465d 100644 --- a/nixos/configuration.nix +++ b/nixos/configuration.nix 
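Review bot: Removing the `lanzaboote` input in the first flake.nix hunk comes with flake.lock moving every remaining pin backwards, not only dropping the lanzaboote-related nodes. The root `nixpkgs` pin goes from `lastModified` 1692207601 to 1689209875, and `home-manager`, `nixos-hardware`, `nixos-unstable` and `nur` step back in the same way. That is roughly five weeks of nixpkgs updates, security fixes included, that the system built from these inputs no longer carries. If the intent is only to drop lanzaboote, keep the newer `rev`/`narHash` entries and delete just the lanzaboote nodes, or re-lock after the edit with `nix flake update`. The `inputs` block starts above this hunk, so any other inputs are not visible here.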
@@ -39,23 +39,10 @@ in }; boot.kernel.sysctl."vm.swappiness" = 9; + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - # UEFI secure boot - environment.systemPackages = [ - pkgs.sbctl - ]; - # Lanzaboote currently replaces the systemd-boot module. - # This setting is usually set to true in configuration.nix - # generated at installation time. So we force it to false - # for now. - boot.loader.systemd-boot.enable = lib.mkForce false; - - boot.lanzaboote = { - enable = true; - pkiBundle = "/etc/secureboot"; - }; - # make the boot look good boot.plymouth.enable = true;
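Review bot: The added `boot.loader.systemd-boot.enable = true;` replaces the lanzaboote-signed boot path with a plain systemd-boot install, and nothing in the hunk records that this host gives up Secure Boot verification of the boot chain. If the firmware still enforces Secure Boot with the previously enrolled keys, the unsigned loader would presumably be refused, so the firmware setting has to change together with this config. The key material under `/etc/secureboot` is not touched by this change and stays on disk, while `pkgs.sbctl`, the tool for inspecting it, is removed. I would expand the added comment to something like `# systemd-boot without Secure Boot: lanzaboote removed, firmware Secure Boot must be off; keys in /etc/secureboot are unused` and decide explicitly whether to keep or remove those keys.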