diff --git a/flake.lock b/flake.lock index 7c60bb96..0c469208 100644 --- a/flake.lock +++ b/flake.lock @@ -132,30 +132,6 @@ "type": "gitlab" } }, - "crane": { - "inputs": { - "flake-compat": "flake-compat", - "flake-utils": "flake-utils_2", - "nixpkgs": [ - "lanzaboote", - "nixpkgs" - ], - "rust-overlay": "rust-overlay" - }, - "locked": { - "lastModified": 1681177078, - "narHash": "sha256-ZNIjBDou2GOabcpctiQykEQVkI8BDwk7TyvlWlI4myE=", - "owner": "ipetkov", - "repo": "crane", - "rev": "0c9f468ff00576577d83f5019a66c557ede5acf6", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, "darwin": { "inputs": { "nixpkgs": [ @@ -222,38 +198,6 @@ } }, "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1732722421, - "narHash": "sha256-HRJ/18p+WoXpWJkcdsk9St5ZiukCqSDgbOGFa8Okehg=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "9ed2ac151eada2306ca8c418ebd97807bb08f6ac", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_3": { "flake": false, "locked": { "lastModified": 1696426674, @@ -269,27 +213,6 @@ "type": "github" } }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "lanzaboote", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1680392223, - "narHash": "sha256-n3g7QFr85lDODKt250rkZj2IFS3i4/8HBU2yKHO3tqw=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "dcc36e45d054d7bb554c9cdab69093debd91a0b5", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "flake-utils": { "inputs": { "systems": [ @@ -310,64 +233,6 @@ "type": "github" } }, - "flake-utils_2": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_3": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "gitignore": { - "inputs": { - "nixpkgs": [ - "lanzaboote", - "pre-commit-hooks-nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1660459072, - "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -388,35 +253,6 @@ "type": "github" } }, - "lanzaboote": { - "inputs": { - "crane": "crane", - "flake-compat": "flake-compat_2", - "flake-parts": "flake-parts", - "flake-utils": [ - "flake-utils" - ], - "nixpkgs": [ - "nixpkgs" - ], - "pre-commit-hooks-nix": "pre-commit-hooks-nix", - "rust-overlay": "rust-overlay_2" - }, - "locked": { - "lastModified": 1718178907, - "narHash": "sha256-eSZyrQ9uoPB9iPQ8Y5H7gAmAgAvCw3InStmU3oEjqsE=", - "owner": "nix-community", - "repo": "lanzaboote", - "rev": "b627ccd97d0159214cee5c7db1412b75e4be6086", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "v0.4.1", - "repo": "lanzaboote", - "type": "github" - } - }, "nix-index-database": { "inputs": { "nixpkgs": [ @@ -440,7 +276,7 @@ "nixos-mailserver": { "inputs": { "blobs": "blobs", - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat", "nixpkgs": [ "nixpkgs" ], @@ -507,22 +343,6 @@ "type": "github" } }, - "nixpkgs-stable_2": { - "locked": { - "lastModified": 1678872516, - "narHash": "sha256-/E1YwtMtFAu2KUQKV/1+KFuReYPANM2Rzehk84VxVoc=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "9b8e5abb18324c7fe9f07cb100c3cd4a29cda8b8", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-22.11", - "repo": "nixpkgs", - "type": "github" - } - }, "nur": { "locked": { "lastModified": 1732939561, @@ -538,34 +358,6 @@ "type": "github" } }, - "pre-commit-hooks-nix": { - "inputs": { - "flake-compat": [ - "lanzaboote", - "flake-compat" - ], - "flake-utils": "flake-utils_3", - "gitignore": "gitignore", - "nixpkgs": [ - "lanzaboote", - "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable_2" - }, - "locked": { - "lastModified": 1681413034, - "narHash": "sha256-/t7OjNQcNkeWeSq/CFLYVBfm+IEnkjoSm9iKvArnUUI=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "d3de8f69ca88fb6f8b09e5b598be5ac98d28ede5", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "type": "github" - } - }, "root": { "inputs": { "accentor": "accentor", @@ -577,63 +369,15 @@ "emacs-overlay": "emacs-overlay", "flake-utils": "flake-utils", "home-manager": "home-manager", - "lanzaboote": "lanzaboote", "nix-index-database": "nix-index-database", "nixos-mailserver": "nixos-mailserver", "nixpkgs": "nixpkgs", "nur": "nur", - "systems": "systems_3", + "systems": "systems", "tetris": "tetris", "www-chvp-be": "www-chvp-be" } }, - "rust-overlay": { - "inputs": { - "nixpkgs": [ - "lanzaboote", - "crane", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1733106880, - "narHash": "sha256-aJmAIjZfWfPSWSExwrYBLRgXVvgF5LP1vaeUGOOIQ98=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "e66c0d43abf5bdefb664c3583ca8994983c332ae", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, - "rust-overlay_2": { - "inputs": { - "flake-utils": [ - "lanzaboote", - "flake-utils" - ], - "nixpkgs": [ - "lanzaboote", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1682129965, - "narHash": "sha256-1KRPIorEL6pLpJR04FwAqqnt4Tzcm4MqD84yhlD+XSk=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "2c417c0460b788328220120c698630947547ee83", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, "systems": { "locked": { "lastModified": 1681028828, @@ -649,36 +393,6 @@ "type": "github" } }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "tetris": { "inputs": { "devshell": [ diff --git a/flake.nix b/flake.nix index cfcd52b4..93a7be36 100644 --- a/flake.nix +++ b/flake.nix @@ -61,13 +61,6 @@ url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; - lanzaboote = { - url = "github:nix-community/lanzaboote/v0.4.1"; - inputs = { - nixpkgs.follows = "nixpkgs"; - flake-utils.follows = "flake-utils"; - }; - }; nixos-mailserver = { url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; inputs.nixpkgs.follows = "nixpkgs"; @@ -98,7 +91,7 @@ }; }; - outputs = inputs@{ self, nixpkgs, accentor, accentor-api, accentor-web, agenix, darwin, devshell, emacs-overlay, flake-utils, home-manager, lanzaboote, nix-index-database, nixos-mailserver, nur, tetris, www-chvp-be, ... }: + outputs = inputs@{ self, nixpkgs, accentor, accentor-api, accentor-web, agenix, darwin, devshell, emacs-overlay, flake-utils, home-manager, nix-index-database, nixos-mailserver, nur, tetris, www-chvp-be, ... }: let patches = builtins.map (patch: ./patches + "/${patch}") (builtins.filter (x: x != ".keep") (builtins.attrNames (builtins.readDir ./patches))); # Avoid IFD if there are no patches @@ -131,7 +124,6 @@ accentor.nixosModules.default agenix.nixosModules.default home-manager.nixosModules.default - lanzaboote.nixosModules.lanzaboote nixos-mailserver.nixosModules.default nix-index-database.nixosModules.nix-index ./modules/nixos diff --git a/machines/kholinar/hardware.nix b/machines/kholinar/hardware.nix index 96be6b51..10eea978 100644 --- a/machines/kholinar/hardware.nix +++ b/machines/kholinar/hardware.nix @@ -4,10 +4,6 @@ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; boot = { - lanzaboote = { - enable = true; - pkiBundle = "/etc/secureboot"; - }; loader.efi.canTouchEfiVariables = true; initrd = { availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ]; @@ -21,10 +17,7 @@ }; - chvp.base = { - nix.unfreePackages = [ "displaylink" ]; - zfs.systemLinks = [{ path = "/etc/secureboot"; type = "cache"; }]; - }; + chvp.base.nix.unfreePackages = [ "displaylink" ]; # For Secure Boot management environment.systemPackages = [ pkgs.sbctl ]; diff --git a/modules/shared/base/nix/default.nix b/modules/shared/base/nix/default.nix index e3f76949..9a41133b 100644 --- a/modules/shared/base/nix/default.nix +++ b/modules/shared/base/nix/default.nix @@ -66,14 +66,12 @@ in "https://cache.nixos.org" "https://accentor.cachix.org" "https://chvp.cachix.org" - "https://lanzaboote.cachix.org" "https://nix-community.cachix.org" ]; trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "accentor.cachix.org-1:QP+oJwzmeq5Fsyp4Vk501UgUSbl5VIna/ard/XOePH8=" "chvp.cachix.org-1:eIG26KkeA+R3tCpvmaayA9i3KVVL06G+qB5ci4dHBT4=" - "lanzaboote.cachix.org-1:Nt9//zGmqkg1k5iu+B3bkj3OmHKjSw9pvf3faffLLNk=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ]; trusted-users = [ username ];