mirror of
https://github.com/Gerg-L/nixos.git
synced 2025-12-09 16:33:57 -05:00
Compare commits
3 commits
9532bfa8a4
...
1abe992961
| Author | SHA1 | Date | |
|---|---|---|---|
1abe992961
|
|||
|
f3c90cfebc
|
|||
|
fc5d56ddd5
|
5 changed files with 54 additions and 242 deletions
159
flake.lock
generated
159
flake.lock
generated
|
|
@ -1,20 +1,5 @@
|
|||
{
|
||||
"nodes": {
|
||||
"crane": {
|
||||
"locked": {
|
||||
"lastModified": 1754269165,
|
||||
"narHash": "sha256-0tcS8FHd4QjbCVoxN9jI+PjHgA4vc/IjkUSp+N3zy0U=",
|
||||
"owner": "ipetkov",
|
||||
"repo": "crane",
|
||||
"rev": "444e81206df3f7d92780680e45858e31d2f07a08",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "ipetkov",
|
||||
"repo": "crane",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"disko": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
|
|
@ -56,22 +41,6 @@
|
|||
}
|
||||
},
|
||||
"flake-compat": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1747046372,
|
||||
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_2": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1733328505,
|
||||
|
|
@ -87,7 +56,7 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_3": {
|
||||
"flake-compat_2": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1761588595,
|
||||
|
|
@ -104,27 +73,6 @@
|
|||
}
|
||||
},
|
||||
"flake-parts": {
|
||||
"inputs": {
|
||||
"nixpkgs-lib": [
|
||||
"lanzaboote",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1754091436,
|
||||
"narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-parts_2": {
|
||||
"inputs": {
|
||||
"nixpkgs-lib": [
|
||||
"nix",
|
||||
|
|
@ -145,7 +93,7 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-parts_3": {
|
||||
"flake-parts_2": {
|
||||
"inputs": {
|
||||
"nixpkgs-lib": [
|
||||
"nvim-flake",
|
||||
|
|
@ -198,53 +146,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"gitignore": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"lanzaboote",
|
||||
"pre-commit-hooks-nix",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1709087332,
|
||||
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "gitignore.nix",
|
||||
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "hercules-ci",
|
||||
"repo": "gitignore.nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"lanzaboote": {
|
||||
"inputs": {
|
||||
"crane": "crane",
|
||||
"flake-compat": "flake-compat",
|
||||
"flake-parts": "flake-parts",
|
||||
"nixpkgs": [
|
||||
"unstable"
|
||||
],
|
||||
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
|
||||
"rust-overlay": "rust-overlay"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1762205063,
|
||||
"narHash": "sha256-If6vQ+KvtKs3ARBO9G3l+4wFSCYtRBrwX1z+I+B61wQ=",
|
||||
"owner": "nix-community",
|
||||
"repo": "lanzaboote",
|
||||
"rev": "88b8a563ff5704f4e8d8e5118fb911fa2110ca05",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "lanzaboote",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"master": {
|
||||
"locked": {
|
||||
"lastModified": 1762312580,
|
||||
|
|
@ -278,7 +179,7 @@
|
|||
},
|
||||
"neovim-nightly": {
|
||||
"inputs": {
|
||||
"flake-parts": "flake-parts_3",
|
||||
"flake-parts": "flake-parts_2",
|
||||
"neovim-src": "neovim-src",
|
||||
"nixpkgs": "nixpkgs"
|
||||
},
|
||||
|
|
@ -314,8 +215,8 @@
|
|||
},
|
||||
"nix": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat_2",
|
||||
"flake-parts": "flake-parts_2",
|
||||
"flake-compat": "flake-compat",
|
||||
"flake-parts": "flake-parts",
|
||||
"git-hooks-nix": "git-hooks-nix",
|
||||
"nixpkgs": [
|
||||
"stable"
|
||||
|
|
@ -444,7 +345,7 @@
|
|||
},
|
||||
"nvim-flake": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat_3",
|
||||
"flake-compat": "flake-compat_2",
|
||||
"mnw": "mnw",
|
||||
"neovim-nightly": "neovim-nightly",
|
||||
"nixpkgs": [
|
||||
|
|
@ -466,37 +367,10 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"pre-commit-hooks-nix": {
|
||||
"inputs": {
|
||||
"flake-compat": [
|
||||
"lanzaboote",
|
||||
"flake-compat"
|
||||
],
|
||||
"gitignore": "gitignore",
|
||||
"nixpkgs": [
|
||||
"lanzaboote",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1750779888,
|
||||
"narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=",
|
||||
"owner": "cachix",
|
||||
"repo": "pre-commit-hooks.nix",
|
||||
"rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "cachix",
|
||||
"repo": "pre-commit-hooks.nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"disko": "disko",
|
||||
"fetch-rs": "fetch-rs",
|
||||
"lanzaboote": "lanzaboote",
|
||||
"master": "master",
|
||||
"nix": "nix",
|
||||
"nix-index-database": "nix-index-database",
|
||||
|
|
@ -510,27 +384,6 @@
|
|||
"unstable": "unstable"
|
||||
}
|
||||
},
|
||||
"rust-overlay": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"lanzaboote",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1761791894,
|
||||
"narHash": "sha256-myRIDh+PxaREz+z9LzbqBJF+SnTFJwkthKDX9zMyddY=",
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"rev": "59c45eb69d9222a4362673141e00ff77842cd219",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"sops-nix": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
|
|
|
|||
|
|
@ -52,12 +52,6 @@
|
|||
repo = "nix-index-database";
|
||||
inputs.nixpkgs.follows = "unstable";
|
||||
};
|
||||
lanzaboote = {
|
||||
type = "github";
|
||||
owner = "nix-community";
|
||||
repo = "lanzaboote";
|
||||
inputs.nixpkgs.follows = "unstable";
|
||||
};
|
||||
systems = {
|
||||
type = "github";
|
||||
owner = "nix-systems";
|
||||
|
|
|
|||
|
|
@ -1,67 +1,38 @@
|
|||
{
|
||||
lanzaboote,
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
}:
|
||||
let
|
||||
windowsConf = ''
|
||||
title Windows
|
||||
efi /shellx64.efi
|
||||
options -nointerrupt -noconsolein -noconsoleout HD2d65535a1:EFI\Microsoft\Boot\Bootmgfw.efi
|
||||
'';
|
||||
in
|
||||
{
|
||||
imports = [ lanzaboote.nixosModules.lanzaboote ];
|
||||
local.packages = {
|
||||
inherit (pkgs) sbctl;
|
||||
};
|
||||
|
||||
environment.systemPackages = [
|
||||
pkgs.sbctl
|
||||
(pkgs.writeShellScriptBin "windows" ''
|
||||
bootctl set-oneshot windows.conf
|
||||
bootctl set-timeout-oneshot 1
|
||||
reboot
|
||||
'')
|
||||
];
|
||||
systemd.tmpfiles.rules = [
|
||||
"L+ /var/lib/sbctl - - - - /persist/secureboot"
|
||||
];
|
||||
|
||||
boot = {
|
||||
lanzaboote = {
|
||||
enable = true;
|
||||
pkiBundle = "/var/lib/sbctl";
|
||||
configurationLimit = 10;
|
||||
package = lib.mkForce (
|
||||
pkgs.writeShellApplication {
|
||||
name = "lzbt";
|
||||
runtimeInputs = [
|
||||
lanzaboote.packages.tool
|
||||
pkgs.coreutils
|
||||
pkgs.sbctl
|
||||
];
|
||||
text = ''
|
||||
lzbt "$@"
|
||||
MP='${config.boot.loader.efi.efiSysMountPoint}'
|
||||
cp -f '${pkgs.edk2-uefi-shell.efi}' "$MP/shellx64.efi"
|
||||
mkdir -p "$MP/loader/entries"
|
||||
sbctl sign -s "$MP/shellx64.efi"
|
||||
cat << EOF > "$MP/loader/entries/windows.conf"
|
||||
${windowsConf}
|
||||
EOF
|
||||
'';
|
||||
}
|
||||
);
|
||||
};
|
||||
|
||||
loader = {
|
||||
systemd-boot = {
|
||||
enable = lib.mkForce false;
|
||||
extraFiles."shellx64.efi" = pkgs.edk2-uefi-shell.efi;
|
||||
extraEntries."windows.conf" = windowsConf;
|
||||
limine = {
|
||||
enable = true;
|
||||
biosSupport = false;
|
||||
efiSupport = true;
|
||||
maxGenerations = 10;
|
||||
enableEditor = false;
|
||||
secureBoot = {
|
||||
enable = true;
|
||||
};
|
||||
extraEntries = ''
|
||||
/Windows
|
||||
protocol: efi
|
||||
path: uuid(58952b7f-ac08-4fa3-92ad-cac5a3349199):/EFI/Microsoft/Boot/bootmgfw.efi
|
||||
'';
|
||||
};
|
||||
efi.efiSysMountPoint = "/efi0E";
|
||||
# just in case
|
||||
systemd-boot.enable = lib.mkForce false;
|
||||
grub.enable = lib.mkForce false;
|
||||
timeout = lib.mkForce 5;
|
||||
efi.efiSysMountPoint = "/efi22";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -15,8 +15,7 @@ in
|
|||
};
|
||||
|
||||
sops = {
|
||||
secrets =
|
||||
{
|
||||
secrets = {
|
||||
ferretdb = { };
|
||||
lavalink = {
|
||||
sopsFile = ./secrets.yaml;
|
||||
|
|
|
|||
|
|
@ -14,14 +14,6 @@
|
|||
pciutils # lspci
|
||||
nix-janitor
|
||||
;
|
||||
nixos-rebuild-ng = pkgs.symlinkJoin {
|
||||
name = "nixos-rebuild-ng";
|
||||
paths = [ pkgs.nixos-rebuild-ng ];
|
||||
postBuild = ''
|
||||
ln -s "$out/bin/nixos-rebuild-ng" "$out/bin/nixos-rebuild"
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
programs.git.enable = true;
|
||||
|
|
@ -69,7 +61,10 @@
|
|||
# Useless with flakes (without configuring)
|
||||
programs.command-not-found.enable = false;
|
||||
|
||||
system.disableInstallerTools = true;
|
||||
system = {
|
||||
disableInstallerTools = true;
|
||||
tools.nixos-rebuild.enable = true;
|
||||
};
|
||||
|
||||
services.userborn.enable = true;
|
||||
boot.enableContainers = false;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue