temp

make lanzaboote optional
temp
2025-12-07 20:52:45 -08:00 · 2025-12-07 20:47:34 -08:00 · 2025-12-06 18:11:15 -08:00 · 2025-12-06 16:52:27 -08:00 · 2025-12-06 16:46:18 -08:00 · 2025-12-06 16:46:17 -08:00
9 changed files with 194 additions and 32 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,79 @@
 {
  "nodes": {
    "crane": {
      "locked": {
        "lastModified": 1754269165,
        "narHash": "sha256-0tcS8FHd4QjbCVoxN9jI+PjHgA4vc/IjkUSp+N3zy0U=",
        "owner": "ipetkov",
        "repo": "crane",
        "rev": "444e81206df3f7d92780680e45858e31d2f07a08",
        "type": "github"
      },
      "original": {
        "owner": "ipetkov",
        "repo": "crane",
        "type": "github"
      }
    },
    "flake-compat": {
      "flake": false,
      "locked": {
        "lastModified": 1747046372,
        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
        "owner": "edolstra",
        "repo": "flake-compat",
        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
        "type": "github"
      },
      "original": {
        "owner": "edolstra",
        "repo": "flake-compat",
        "type": "github"
      }
    },
    "flake-parts": {
      "inputs": {
        "nixpkgs-lib": [
          "lanzaboote",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1754091436,
        "narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
        "rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd",
        "type": "github"
      },
      "original": {
        "owner": "hercules-ci",
        "repo": "flake-parts",
        "type": "github"
      }
    },
    "gitignore": {
      "inputs": {
        "nixpkgs": [
          "lanzaboote",
          "pre-commit-hooks-nix",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1709087332,
        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
        "owner": "hercules-ci",
        "repo": "gitignore.nix",
        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
        "type": "github"
      },
      "original": {
        "owner": "hercules-ci",
        "repo": "gitignore.nix",
        "type": "github"
      }
    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
@@ -7,11 +81,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1760130406,
+        "lastModified": 1764034279,
-        "narHash": "sha256-GKMwBaFRw/C1p1VtjDz4DyhyzjKUWyi1K50bh8lgA2E=",
+        "narHash": "sha256-hZH6EHQYFifVg0bmSBYT8Art5BWhXBXE307uPLnexY0=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "d305eece827a3fe317a2d70138f53feccaf890a1",
+        "rev": "381f4f8a3a5f773cb80d2b7eb8f8d733b8861434",
        "type": "github"
      },
      "original": {
@@ -20,6 +94,32 @@
        "type": "github"
      }
    },
    "lanzaboote": {
      "inputs": {
        "crane": "crane",
        "flake-compat": "flake-compat",
        "flake-parts": "flake-parts",
        "nixpkgs": [
          "nixpkgs"
        ],
        "pre-commit-hooks-nix": "pre-commit-hooks-nix",
        "rust-overlay": "rust-overlay"
      },
      "locked": {
        "lastModified": 1762205063,
        "narHash": "sha256-If6vQ+KvtKs3ARBO9G3l+4wFSCYtRBrwX1z+I+B61wQ=",
        "owner": "nix-community",
        "repo": "lanzaboote",
        "rev": "88b8a563ff5704f4e8d8e5118fb911fa2110ca05",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "ref": "v0.4.3",
        "repo": "lanzaboote",
        "type": "github"
      }
    },
    "nixlib": {
      "locked": {
        "lastModified": 1736643958,
@@ -58,11 +158,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1760038930,
+        "lastModified": 1763835633,
-        "narHash": "sha256-Oncbh0UmHjSlxO7ErQDM3KM0A5/Znfofj2BSzlHLeVw=",
+        "narHash": "sha256-HzxeGVID5MChuCPESuC0dlQL1/scDKu+MmzoVBJxulM=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "0b4defa2584313f3b781240b29d61f6f9f7e0df3",
+        "rev": "050e09e091117c3d7328c7b2b7b577492c43c134",
        "type": "github"
      },
      "original": {
@@ -82,11 +182,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1759321049,
+        "lastModified": 1763909441,
-        "narHash": "sha256-8XkU4gIrLT2DJZWQyvsP5woXGZF5eE/7AnKfwQkiwYU=",
+        "narHash": "sha256-56LwV51TX/FhgX+5LCG6akQ5KrOWuKgcJa+eUsRMxsc=",
        "owner": "nix-community",
        "repo": "plasma-manager",
-        "rev": "205dcfd4a30d4a5d1b4f28defee69daa7c7252cd",
+        "rev": "b24ed4b272256dfc1cc2291f89a9821d5f9e14b4",
        "type": "github"
      },
      "original": {
@@ -95,15 +195,63 @@
        "type": "github"
      }
    },
    "pre-commit-hooks-nix": {
      "inputs": {
        "flake-compat": [
          "lanzaboote",
          "flake-compat"
        ],
        "gitignore": "gitignore",
        "nixpkgs": [
          "lanzaboote",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1750779888,
        "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=",
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
        "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
        "type": "github"
      },
      "original": {
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "home-manager": "home-manager",
        "lanzaboote": "lanzaboote",
        "nixos-generators": "nixos-generators",
        "nixpkgs": "nixpkgs",
        "plasma-manager": "plasma-manager",
        "secrix": "secrix"
      }
    },
    "rust-overlay": {
      "inputs": {
        "nixpkgs": [
          "lanzaboote",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1761791894,
        "narHash": "sha256-myRIDh+PxaREz+z9LzbqBJF+SnTFJwkthKDX9zMyddY=",
        "owner": "oxalica",
        "repo": "rust-overlay",
        "rev": "59c45eb69d9222a4362673141e00ff77842cd219",
        "type": "github"
      },
      "original": {
        "owner": "oxalica",
        "repo": "rust-overlay",
        "type": "github"
      }
    },
    "secrix": {
      "inputs": {
        "nixpkgs": [
@@ -111,11 +259,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1753137768,
+        "lastModified": 1763929380,
-        "narHash": "sha256-bCQ8IHak1hF38amAgz2YKIEwteU5eAkgoC0fwfoRxO0=",
+        "narHash": "sha256-Yc7gZME/lcHoJH6bMPCG7CyjKWhOLJPqLI8MXtyKPHo=",
        "owner": "Platonic-Systems",
        "repo": "secrix",
-        "rev": "f783b038ee639a589affcf3c612187dafcfa0476",
+        "rev": "c6e3ca7af47c329dcf442a3d017ae171eee5612f",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -22,9 +22,13 @@
      url = "github:Platonic-Systems/secrix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    lanzaboote = {
      url = "github:nix-community/lanzaboote/v0.4.3";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };
-  outputs = { self, nixpkgs, home-manager, plasma-manager, nixos-generators, secrix }:
+  outputs = { self, nixpkgs, home-manager, plasma-manager, nixos-generators, secrix, lanzaboote }:
  let
    hmModule = file: {
      imports = [ home-manager.nixosModules.home-manager ];
@@ -70,6 +74,7 @@
      Yura-TPX13 = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        modules = [
          lanzaboote.nixosModules.lanzaboote
          ./modules
          ./hosts/common.nix
          ./hosts/common-desktop.nix
--- a/home/modules/git.nix
+++ b/home/modules/git.nix
@@ -8,21 +8,23 @@ in
  programs.git = {
    enable = true;
    userName = name;
    userEmail = email;
    signing = {
      key = signingKey;
      signByDefault = true;
      format = "ssh";
    };
-    aliases = {
+    settings = {
-      co = "checkout";
+      user = {
-      s = "switch";
+        name = name;
-    };
+        email = email;
      };
      alias = {
        co = "checkout";
        s = "switch";
      };
    extraConfig = {
      url = {
        "https://gitea.cazzzer.com/" = {
          insteadOf = "caztea:";
--- a/home/modules/plasma.nix
+++ b/home/modules/plasma.nix
@@ -55,6 +55,8 @@
        activities-icons."809dc779-bf5b-49e6-8e3f-cbe283cb05b6" = "keyboard";
        activities-icons."b34a506d-ac4f-4797-8c08-6ef45bc49341" = "preferences-desktop-gaming";
      };
      baloofilerc.General."exclude folders".persistent = true;
      systemsettingsrc.systemsettings_sidebar_mode.HighlightNonDefaultSettings=true;
    };
  };
--- a/hosts/Yura-TPX13/default.nix
+++ b/hosts/Yura-TPX13/default.nix
@@ -11,10 +11,17 @@
    "sysrq_always_enabled=1"
  ];
  boot.lanzaboote = {
    enable = true;
    pkiBundle = "/var/lib/sbctl";
  };
  networking.hostName = "Yura-TPX13"; # Define your hostname.
  networking.hostId = "8425e349"; # Required for ZFS.
  services.fprintd.enable = true;
  security.pam.services.login.fprintAuth = false;
  # Install firefox.
  programs.firefox.enable = true;
--- a/hosts/common-desktop.nix
+++ b/hosts/common-desktop.nix
@@ -7,14 +7,11 @@
    "sysrq_always_enabled=1"
  ];
-  boot.kernelPackages = pkgs.linuxKernel.packages.linux_6_16;
+  boot.kernelPackages = pkgs.linuxKernel.packages.linux_6_17;
  boot.loader = {
    efi.canTouchEfiVariables = true;
    timeout = 3;
-    systemd-boot = {
+    systemd-boot.enable = !config.boot.lanzaboote.enable;
      enable = true;
      configurationLimit = 5;
    };
  };
  # https://nixos.wiki/wiki/Accelerated_Video_Playback
@@ -82,7 +79,7 @@
    fantasque-sans-mono
    nerd-fonts.fantasque-sans-mono
    noto-fonts
-    noto-fonts-emoji
+    noto-fonts-color-emoji
    noto-fonts-cjk-sans
    noto-fonts-cjk-serif
    jetbrains-mono
@@ -137,7 +134,7 @@
    })
    nextcloud-client
    lxqt.pavucontrol-qt
-    pinentry
+    pinentry-all
    tela-circle-icon-theme
    virt-viewer
    waypipe
--- a/modules/router/dns.nix
+++ b/modules/router/dns.nix
@@ -29,6 +29,7 @@ let
    "||pgrok."
    "|sync."
    "|minecruft."
    "|n8n."
  ];
 in
 {
--- a/modules/router/services.nix
+++ b/modules/router/services.nix
@@ -58,7 +58,7 @@ in
    enable = true;
    package = pkgs.caddy.withPlugins {
      plugins = [ "github.com/caddy-dns/cloudflare@v0.2.1" ];
-      hash = "sha256-XwZ0Hkeh2FpQL/fInaSq+/3rCLmQRVvwBM0Y1G1FZNU=";
+      hash = "sha256-aRMg7R0dBAy+LJeGCMPg6HKppM6NPX2NPwtc0CeSQLg=";
    };
    virtualHosts."*.${domain}".extraConfig = ''
      encode
--- a/modules/workarounds/flatpak.nix
+++ b/modules/workarounds/flatpak.nix
@@ -28,7 +28,7 @@ in {
          inherit
            (pkgs)
            noto-fonts
-            noto-fonts-emoji
+            noto-fonts-color-emoji
            noto-fonts-cjk-sans
            noto-fonts-cjk-serif
            ;
Author	SHA1	Message	Date
Yuri Tatishchev	d9937916bb	temp	2025-12-07 20:52:45 -08:00
Yuri Tatishchev	4c7142dcda	make lanzaboote optional	2025-12-07 20:47:34 -08:00
Yuri Tatishchev	923f3f0ffc	temp	2025-12-06 18:11:15 -08:00
Yuri Tatishchev	578f18bc2d	WIP: add secure boot	2025-12-06 16:52:27 -08:00
Yuri Tatishchev	91727dd2df	home: git: fix aliases	2025-12-06 16:46:18 -08:00
Yuri Tatishchev	4e08c64ce5	home: plasma: persist baloofile index excludes, highlight changed system settings	2025-12-06 16:46:17 -08:00
Yuri Tatishchev	d61c23f8e7	laptop: disable fprint for login	2025-12-06 16:46:15 -08:00
Yuri Tatishchev	07d3706a14	router: dns: add n8n	2025-11-25 14:52:47 -08:00
Yuri Tatishchev	1f647856ab	updates: nixpkgs, home-manager, plasma-manager, secrix	2025-11-25 00:50:43 -08:00
Yuri Tatishchev	05a20f830f	updates: linux 6.17, nixpkgs, home-manager, plasma-manager	2025-11-25 00:49:51 -08:00