Personal Nix setup

Add secure boot

+215 -26
+167 -3
flake.lock
··· 79 79 } 80 80 }, 81 81 "flake-compat": { 82 + "flake": false, 83 + "locked": { 84 + "lastModified": 1673956053, 85 + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", 86 + "owner": "edolstra", 87 + "repo": "flake-compat", 88 + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", 89 + "type": "github" 90 + }, 91 + "original": { 92 + "owner": "edolstra", 93 + "repo": "flake-compat", 94 + "type": "github" 95 + } 96 + }, 97 + "flake-compat_2": { 82 98 "locked": { 83 99 "lastModified": 1680531544, 84 100 "narHash": "sha256-8qbiDTYb1kGaDADRXTItpcMKQ1TeQVkuof6oEwHUvVA=", ··· 96 112 "flake-parts": { 97 113 "inputs": { 98 114 "nixpkgs-lib": [ 115 + "lanzaboote", 116 + "nixpkgs" 117 + ] 118 + }, 119 + "locked": { 120 + "lastModified": 1683560683, 121 + "narHash": "sha256-XAygPMN5Xnk/W2c1aW0jyEa6lfMDZWlQgiNtmHXytPc=", 122 + "owner": "hercules-ci", 123 + "repo": "flake-parts", 124 + "rev": "006c75898cf814ef9497252b022e91c946ba8e17", 125 + "type": "github" 126 + }, 127 + "original": { 128 + "owner": "hercules-ci", 129 + "repo": "flake-parts", 130 + "type": "github" 131 + } 132 + }, 133 + "flake-parts_2": { 134 + "inputs": { 135 + "nixpkgs-lib": [ 99 136 "nixpkgs-wayland", 100 137 "nix-eval-jobs", 101 138 "nixpkgs" ··· 138 175 "systems": "systems_2" 139 176 }, 140 177 "locked": { 178 + "lastModified": 1681202837, 179 + "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", 180 + "owner": "numtide", 181 + "repo": "flake-utils", 182 + "rev": "cfacdce06f30d2b68473a46042957675eebb3401", 183 + "type": "github" 184 + }, 185 + "original": { 186 + "owner": "numtide", 187 + "repo": "flake-utils", 188 + "type": "github" 189 + } 190 + }, 191 + "flake-utils_3": { 192 + "inputs": { 193 + "systems": "systems_3" 194 + }, 195 + "locked": { 141 196 "lastModified": 1685518550, 142 197 "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=", 143 198 "owner": "numtide", ··· 148 203 "original": { 149 204 "owner": "numtide", 150 205 "repo": "flake-utils", 206 + 
"type": "github" 207 + } 208 + }, 209 + "gitignore": { 210 + "inputs": { 211 + "nixpkgs": [ 212 + "lanzaboote", 213 + "pre-commit-hooks-nix", 214 + "nixpkgs" 215 + ] 216 + }, 217 + "locked": { 218 + "lastModified": 1660459072, 219 + "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", 220 + "owner": "hercules-ci", 221 + "repo": "gitignore.nix", 222 + "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", 223 + "type": "github" 224 + }, 225 + "original": { 226 + "owner": "hercules-ci", 227 + "repo": "gitignore.nix", 151 228 "type": "github" 152 229 } 153 230 }, ··· 315 392 "url": "https://github.com/fxcl/language-servers.nix" 316 393 } 317 394 }, 318 - "lib-aggregate": { 395 + "lanzaboote": { 319 396 "inputs": { 397 + "flake-compat": "flake-compat", 398 + "flake-parts": "flake-parts", 320 399 "flake-utils": "flake-utils_2", 400 + "nixpkgs": [ 401 + "nixpkgs" 402 + ], 403 + "pre-commit-hooks-nix": "pre-commit-hooks-nix" 404 + }, 405 + "locked": { 406 + "lastModified": 1687124707, 407 + "narHash": "sha256-BEC2y7zwDI/Saeupr9rijLvwb0OoqTD9vntlcyciyrM=", 408 + "owner": "nix-community", 409 + "repo": "lanzaboote", 410 + "rev": "c758cdad465e0c8174db57dc493f51a89f0e3372", 411 + "type": "github" 412 + }, 413 + "original": { 414 + "owner": "nix-community", 415 + "repo": "lanzaboote", 416 + "type": "github" 417 + } 418 + }, 419 + "lib-aggregate": { 420 + "inputs": { 421 + "flake-utils": "flake-utils_3", 321 422 "nixpkgs-lib": "nixpkgs-lib" 322 423 }, 323 424 "locked": { ··· 368 469 }, 369 470 "nix-eval-jobs": { 370 471 "inputs": { 371 - "flake-parts": "flake-parts", 472 + "flake-parts": "flake-parts_2", 372 473 "nixpkgs": "nixpkgs_3" 373 474 }, 374 475 "locked": { ··· 448 549 "type": "github" 449 550 } 450 551 }, 552 + "nixpkgs-stable": { 553 + "locked": { 554 + "lastModified": 1678872516, 555 + "narHash": "sha256-/E1YwtMtFAu2KUQKV/1+KFuReYPANM2Rzehk84VxVoc=", 556 + "owner": "NixOS", 557 + "repo": "nixpkgs", 558 + "rev": "9b8e5abb18324c7fe9f07cb100c3cd4a29cda8b8", 559 
+ "type": "github" 560 + }, 561 + "original": { 562 + "owner": "NixOS", 563 + "ref": "nixos-22.11", 564 + "repo": "nixpkgs", 565 + "type": "github" 566 + } 567 + }, 451 568 "nixpkgs-unstable": { 452 569 "locked": { 453 570 "lastModified": 1686960236, ··· 466 583 }, 467 584 "nixpkgs-wayland": { 468 585 "inputs": { 469 - "flake-compat": "flake-compat", 586 + "flake-compat": "flake-compat_2", 470 587 "lib-aggregate": "lib-aggregate", 471 588 "nix-eval-jobs": "nix-eval-jobs", 472 589 "nixpkgs": [ ··· 894 1011 "type": "github" 895 1012 } 896 1013 }, 1014 + "pre-commit-hooks-nix": { 1015 + "inputs": { 1016 + "flake-compat": [ 1017 + "lanzaboote", 1018 + "flake-compat" 1019 + ], 1020 + "flake-utils": [ 1021 + "lanzaboote", 1022 + "flake-utils" 1023 + ], 1024 + "gitignore": "gitignore", 1025 + "nixpkgs": [ 1026 + "lanzaboote", 1027 + "nixpkgs" 1028 + ], 1029 + "nixpkgs-stable": "nixpkgs-stable" 1030 + }, 1031 + "locked": { 1032 + "lastModified": 1684842236, 1033 + "narHash": "sha256-rYWsIXHvNhVQ15RQlBUv67W3YnM+Pd+DuXGMvCBq2IE=", 1034 + "owner": "cachix", 1035 + "repo": "pre-commit-hooks.nix", 1036 + "rev": "61e567d6497bc9556f391faebe5e410e6623217f", 1037 + "type": "github" 1038 + }, 1039 + "original": { 1040 + "owner": "cachix", 1041 + "repo": "pre-commit-hooks.nix", 1042 + "type": "github" 1043 + } 1044 + }, 897 1045 "root": { 898 1046 "inputs": { 899 1047 "agenix": "agenix", ··· 903 1051 "hyprland": "hyprland", 904 1052 "hyprpaper": "hyprpaper", 905 1053 "language-servers": "language-servers", 1054 + "lanzaboote": "lanzaboote", 906 1055 "nixos-hardware": "nixos-hardware", 907 1056 "nixpkgs": "nixpkgs_2", 908 1057 "nixpkgs-darwin": "nixpkgs-darwin", ··· 927 1076 } 928 1077 }, 929 1078 "systems_2": { 1079 + "locked": { 1080 + "lastModified": 1681028828, 1081 + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 1082 + "owner": "nix-systems", 1083 + "repo": "default", 1084 + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 1085 + "type": "github" 1086 + }, 
1087 + "original": { 1088 + "owner": "nix-systems", 1089 + "repo": "default", 1090 + "type": "github" 1091 + } 1092 + }, 1093 + "systems_3": { 930 1094 "locked": { 931 1095 "lastModified": 1681028828, 932 1096 "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+5
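--- a/flake.nix
+++ b/flake.nix
@@ -10,6 +10,11 @@
 
 nixos-hardware.url = "github:NixOS/nixos-hardware/master";
 
+lanzaboote = {
+url = "github:nix-community/lanzaboote";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+
 agenix.url = "github:ryantm/agenix";
 
 flake-utils.url = "github:numtide/flake-utils";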
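Review bot: The new `lanzaboote` input has no ref, so it follows the repository's default branch, and each `nix flake update` moves the tool that builds and signs the boot chain to whatever commit is current at that moment. flake.lock does pin a revision, but for a Secure Boot component I would track a release tag, `url = "github:nix-community/lanzaboote/<release-tag>";`, and read the lock diff for this input on every update. The input also brings `pre-commit-hooks-nix`, `gitignore`, `flake-parts` and `nixpkgs-stable` into the lock; these look like development-only inputs of lanzaboote, and if so they could be pointed at existing inputs with `follows` where possible to keep the set of pinned sources small.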
+8 -5
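--- a/home/desktop/eww/eww.scss
+++ b/home/desktop/eww/eww.scss
@@ -5,17 +5,20 @@
 font-size: 0.9rem;
 font-feature-settings: "tnum";
 font-family: Inter, FontAwesome6Pro;
+transition: 200ms ease;
+}
+
+@mixin window {
 color: $color-white;
+background-color: $color-shell;
+border-radius: 2rem;
+padding: 15px;
 }
 
 //Global Styles
 .bar {
-background-color: $color-shell;
-border-radius: 1rem;
-padding: 15px;
+@include window;
 }
-
-// Styles on classes (see eww.yuck for more information)
 
 .sidestuff slider {
 all: unset;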
+28 -14
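--- a/machines/pepper/hardware.nix
+++ b/machines/pepper/hardware.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, nixos-hardware, modulesPath, ... }:
+{ config, lib, pkgs, nixos-hardware, lanzaboote, modulesPath, ... }:
 
 let
 luksUUID = "8f9546b5-56bb-42d3-a230-e81aef2faba5";
@@ -8,22 +8,38 @@
 in {
 imports = [
 nixos-hardware.nixosModules.framework-12th-gen-intel
+lanzaboote.nixosModules.lanzaboote
 (modulesPath + "/installer/scan/not-detected.nix")
 ];
 
-boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ];
-boot.initrd.kernelModules = [ "dm-snapshot" ];
-boot.kernelModules = [ "kvm-intel" ];
-boot.extraModulePackages = [ ];
-boot.supportedFilesystems = [ "btrfs" ];
+boot = {
+bootspec.enable = true;
 
-boot.initrd.luks.devices."enc" = {
-device = "/dev/disk/by-uuid/${luksUUID}";
-preLVM = true;
-};
+initrd = {
+availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ];
+kernelModules = [ "dm-snapshot" ];
+luks.devices."enc" = {
+device = "/dev/disk/by-uuid/${luksUUID}";
+preLVM = true;
+};
+};
+kernelModules = [ "kvm-intel" ];
+extraModulePackages = [ ];
+supportedFilesystems = [ "btrfs" ];
 
-boot.loader.systemd-boot.enable = true;
-boot.loader.efi.canTouchEfiVariables = true;
+loader = {
+systemd-boot.enable = lib.mkForce false;
+efi.canTouchEfiVariables = true;
+};
+
+lanzaboote = {
+enable = true;
+pkiBundle = "/etc/secureboot";
+configurationLimit = 3;
+};
+
+resumeDevice = "/dev/disk/by-uuid/${swapUUID}";
+};
 
 fileSystems."/" = {
 device = "/dev/disk/by-uuid/${rootUUID}";
@@ -57,8 +73,6 @@
 swapDevices = [
 { device = "/dev/disk/by-uuid/${swapUUID}"; }
 ];
-
-boot.resumeDevice = "/dev/disk/by-uuid/${swapUUID}";
 
 # prefer suspend-then-hibernate
 services.logind = {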
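Review bot: `pkiBundle = "/etc/secureboot"` in the new `boot.lanzaboote` block points at private Secure Boot signing keys that live outside the Nix store and are not created by this configuration, and nothing in the file says so. I would add a comment above it such as `# Secure Boot signing keys: created once with "sbctl create-keys", root-only, backed up offline; not managed by Nix`, so that a reinstall or a second host does not try to activate this module against a missing bundle. Nothing is enforced until the keys are enrolled in the firmware and Secure Boot is switched on there; `sbctl status` and `sbctl verify` are the checks to run after the first rebuild. `bootspec.enable = true;` here repeats the `lib.mkDefault true` that this commit adds in modules/base/linux.nix and could be dropped.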
+4 -1
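--- a/modules/base/linux.nix
+++ b/modules/base/linux.nix
@@ -4,6 +4,8 @@
 inherit (import ../../lib/colors.nix inputs) hex;
 inherit (lib) mkDefault;
 in helpers.linuxAttrs {
+environment.systemPackages = [ pkgs.sbctl ];
+
 console = {
 earlySetup = true;
 font = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
@@ -30,7 +32,8 @@
 };
 
 boot = {
-consoleLogLevel = 2;
+bootspec.enable = lib.mkDefault true;
+consoleLogLevel = lib.mkDefault 2;
 
 loader = {
 timeout = mkDefault 2;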
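Review bot: The two new `boot` lines call `lib.mkDefault` although the file already has `inherit (lib) mkDefault;` and uses the bare form in `timeout = mkDefault 2;` just below; write `bootspec.enable = mkDefault true;` and `consoleLogLevel = mkDefault 2;` to match. Separately, `environment.systemPackages = [ pkgs.sbctl ];` puts the key-management tool on every Linux host that uses this base module, while only machines/pepper enables lanzaboote in this commit; placing it next to the `boot.lanzaboote` block would keep it off hosts that hold no Secure Boot keys. The `boot` block continues past the end of the hunk.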
+2
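--- a/modules/base/nix-config.nix
+++ b/modules/base/nix-config.nix
@@ -18,11 +18,13 @@
 # binary caches
 substituters = [
 "https://cache.nixos.org"
+"https://nix-community.cachix.org"
 "https://hyprland.cachix.org"
 "https://nixpkgs-wayland.cachix.org"
 ];
 trusted-public-keys = [
 "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
 "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
 "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
 ];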
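Review bot: Adding `https://nix-community.cachix.org` to `substituters` together with its key in `trusted-public-keys` means store paths signed by that key are accepted without a local build, and on this machine that can include the lanzaboote tool and stub that are then signed with the local Secure Boot keys. A comment above the new entries should record why the cache is trusted and how the key was checked, for example `# nix-community cache (lanzaboote); key compared with the cache's published key on <date>`. Because flake.nix sets `inputs.nixpkgs.follows = "nixpkgs"` for lanzaboote, the derivations built here probably differ from the ones the cache holds, so it is worth confirming the cache is hit at all before keeping the extra trust. The enclosing settings block starts outside the hunk.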
+1 -3
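--- a/modules/base/shell.nix
+++ b/modules/base/shell.nix
@@ -1,9 +1,7 @@
 { lib, pkgs, ... }:
 
 {
-environment.systemPackages = [
-pkgs.zsh
-];
+environment.systemPackages = [ pkgs.zsh ];
 
 environment.pathsToLink = [ "/share/zsh" ];
 environment.variables = {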