From 1abe992961d42bf8ee574cc2e708f16c5b4e92df Mon Sep 17 00:00:00 2001 From: Gerg-L Date: Thu, 6 Nov 2025 22:19:55 -0500 Subject: [PATCH] feat: rip lanzaboote --- flake.lock | 159 +--------------------- flake.nix | 6 - nixosConfigurations/gerg-desktop/boot.nix | 69 +++------- 3 files changed, 26 insertions(+), 208 deletions(-) diff --git a/flake.lock b/flake.lock index 6b7bc39..a6f6126 100644 --- a/flake.lock +++ b/flake.lock @@ -1,20 +1,5 @@ { "nodes": { - "crane": { - "locked": { - "lastModified": 1754269165, - "narHash": "sha256-0tcS8FHd4QjbCVoxN9jI+PjHgA4vc/IjkUSp+N3zy0U=", - "owner": "ipetkov", - "repo": "crane", - "rev": "444e81206df3f7d92780680e45858e31d2f07a08", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, "disko": { "inputs": { "nixpkgs": [ @@ -56,22 +41,6 @@ } }, "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_2": { "flake": false, "locked": { "lastModified": 1733328505, @@ -87,7 +56,7 @@ "type": "github" } }, - "flake-compat_3": { + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1761588595, @@ -104,27 +73,6 @@ } }, "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "lanzaboote", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1754091436, - "narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_2": { "inputs": { "nixpkgs-lib": [ "nix", 
@@ -145,7 +93,7 @@ "type": "github" } }, - "flake-parts_3": { + "flake-parts_2": { "inputs": { "nixpkgs-lib": [ "nvim-flake", @@ -198,53 +146,6 @@ "type": "github" } }, - "gitignore": { - "inputs": { - "nixpkgs": [ - "lanzaboote", - "pre-commit-hooks-nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, - "lanzaboote": { - "inputs": { - "crane": "crane", - "flake-compat": "flake-compat", - "flake-parts": "flake-parts", - "nixpkgs": [ - "unstable" - ], - "pre-commit-hooks-nix": "pre-commit-hooks-nix", - "rust-overlay": "rust-overlay" - }, - "locked": { - "lastModified": 1762205063, - "narHash": "sha256-If6vQ+KvtKs3ARBO9G3l+4wFSCYtRBrwX1z+I+B61wQ=", - "owner": "nix-community", - "repo": "lanzaboote", - "rev": "88b8a563ff5704f4e8d8e5118fb911fa2110ca05", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "lanzaboote", - "type": "github" - } - }, "master": { "locked": { "lastModified": 1762312580, @@ -278,7 +179,7 @@ }, "neovim-nightly": { "inputs": { - "flake-parts": "flake-parts_3", + "flake-parts": "flake-parts_2", "neovim-src": "neovim-src", "nixpkgs": "nixpkgs" }, @@ -314,8 +215,8 @@ }, "nix": { "inputs": { - "flake-compat": "flake-compat_2", - "flake-parts": "flake-parts_2", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", "git-hooks-nix": "git-hooks-nix", "nixpkgs": [ "stable" @@ -444,7 +345,7 @@ }, "nvim-flake": { "inputs": { - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_2", "mnw": "mnw", "neovim-nightly": "neovim-nightly", "nixpkgs": [ 
@@ -466,37 +367,10 @@ "type": "github" } }, - "pre-commit-hooks-nix": { - "inputs": { - "flake-compat": [ - "lanzaboote", - "flake-compat" - ], - "gitignore": "gitignore", - "nixpkgs": [ - "lanzaboote", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1750779888, - "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "type": "github" - } - }, "root": { "inputs": { "disko": "disko", "fetch-rs": "fetch-rs", - "lanzaboote": "lanzaboote", "master": "master", "nix": "nix", "nix-index-database": "nix-index-database", @@ -510,27 +384,6 @@ "unstable": "unstable" } }, - "rust-overlay": { - "inputs": { - "nixpkgs": [ - "lanzaboote", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1761791894, - "narHash": "sha256-myRIDh+PxaREz+z9LzbqBJF+SnTFJwkthKDX9zMyddY=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "59c45eb69d9222a4362673141e00ff77842cd219", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, "sops-nix": { "inputs": { "nixpkgs": [ diff --git a/flake.nix b/flake.nix index 01fd0bb..53587bb 100644 --- a/flake.nix +++ b/flake.nix @@ -52,12 +52,6 @@ repo = "nix-index-database"; inputs.nixpkgs.follows = "unstable"; }; - lanzaboote = { - type = "github"; - owner = "nix-community"; - repo = "lanzaboote"; - inputs.nixpkgs.follows = "unstable"; - }; systems = { type = "github"; owner = "nix-systems"; diff --git a/nixosConfigurations/gerg-desktop/boot.nix b/nixosConfigurations/gerg-desktop/boot.nix index 4529d28..8cd4c06 100644 --- a/nixosConfigurations/gerg-desktop/boot.nix +++ b/nixosConfigurations/gerg-desktop/boot.nix 
@@ -1,67 +1,38 @@
 {
- lanzaboote,
- config,
 lib,
 pkgs,
 }:
-let
- windowsConf = ''
- title Windows
- efi /shellx64.efi
- options -nointerrupt -noconsolein -noconsoleout HD2d65535a1:EFI\Microsoft\Boot\Bootmgfw.efi
- '';
-in
 {
- imports = [ lanzaboote.nixosModules.lanzaboote ];
+ local.packages = {
+ inherit (pkgs) sbctl;
+ };
- environment.systemPackages = [
- pkgs.sbctl
- (pkgs.writeShellScriptBin "windows" ''
- bootctl set-oneshot windows.conf
- bootctl set-timeout-oneshot 1
- reboot
- '')
- ];
 systemd.tmpfiles.rules = [
 "L+ /var/lib/sbctl - - - - /persist/secureboot"
 ];
 boot = {
- lanzaboote = {
- enable = true;
- pkiBundle = "/var/lib/sbctl";
- configurationLimit = 10;
- package = lib.mkForce (
- pkgs.writeShellApplication {
- name = "lzbt";
- runtimeInputs = [
- lanzaboote.packages.tool
- pkgs.coreutils
- pkgs.sbctl
- ];
- text = ''
- lzbt "$@"
- MP='${config.boot.loader.efi.efiSysMountPoint}'
- cp -f '${pkgs.edk2-uefi-shell.efi}' "$MP/shellx64.efi"
- mkdir -p "$MP/loader/entries"
- sbctl sign -s "$MP/shellx64.efi"
- cat << EOF > "$MP/loader/entries/windows.conf"
- ${windowsConf}
- EOF
- '';
- }
- );
- };
-
 loader = {
- systemd-boot = {
- enable = lib.mkForce false;
- extraFiles."shellx64.efi" = pkgs.edk2-uefi-shell.efi;
- extraEntries."windows.conf" = windowsConf;
+ limine = {
+ enable = true;
+ biosSupport = false;
+ efiSupport = true;
+ maxGenerations = 10;
+ enableEditor = false;
+ secureBoot = {
+ enable = true;
+ };
+ extraEntries = ''
+ /Windows
+ protocol: efi
+ path: uuid(58952b7f-ac08-4fa3-92ad-cac5a3349199):/EFI/Microsoft/Boot/bootmgfw.efi
+ '';
 };
+ efi.efiSysMountPoint = "/efi0E";
+ # just in case
+ systemd-boot.enable = lib.mkForce false;
 grub.enable = lib.mkForce false;
 timeout = lib.mkForce 5;
- efi.efiSysMountPoint = "/efi22";
 };
 };
 }
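Review bot: `secureBoot = { enable = true; };` under `limine` leaves the rest of the verified-boot chain to module defaults, and nothing in the hunk shows what protects the kernel, initrd and Limine config now that lanzaboote's per-generation signed images are gone. As far as I know the nixpkgs Limine module signs only the bootloader binary with sbctl and relies on config enrollment and file checksums for what it loads, so I would pin those next to `enableEditor = false`: `enrollConfig = true; validateChecksums = true; panicOnChecksumMismatch = true;` (confirm the option names against the pinned nixpkgs). The explicit `pkiBundle = "/var/lib/sbctl"` is also removed, so the link between the tmpfiles symlink and signing is now implicit. A comment above `secureBoot` such as `# signs with the sbctl keys under /var/lib/sbctl -> /persist/secureboot` would keep it visible. After switching, `sbctl verify` is a quick check that the files on the ESP are actually signed.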