diff --git a/flake.lock b/flake.lock index 1fee90dd9..22145a405 100644 --- a/flake.lock +++ b/flake.lock @@ -130,10 +130,7 @@ }, "crane": { "inputs": { - "nixpkgs": [ - "lanzaboote", - "nixpkgs" - ] + "nixpkgs": "nixpkgs_16" }, "locked": { "lastModified": 1717535930, @@ -631,11 +628,11 @@ "systems": "systems_6" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -1322,22 +1319,21 @@ "crane": "crane", "flake-compat": "flake-compat_5", "flake-parts": "flake-parts_6", - "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_16", + "nixpkgs": "nixpkgs_17", "pre-commit-hooks-nix": "pre-commit-hooks-nix", "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1718178907, - "narHash": "sha256-eSZyrQ9uoPB9iPQ8Y5H7gAmAgAvCw3InStmU3oEjqsE=", + "lastModified": 1737639419, + "narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "b627ccd97d0159214cee5c7db1412b75e4be6086", + "rev": "a65905a09e2c43ff63be8c0e86a93712361f871e", "type": "github" }, "original": { "owner": "nix-community", - "ref": "v0.4.1", + "ref": "v0.4.2", "repo": "lanzaboote", "type": "github" } @@ -1420,7 +1416,7 @@ }, "nix-index-database": { "inputs": { - "nixpkgs": "nixpkgs_17" + "nixpkgs": "nixpkgs_18" }, "locked": { "lastModified": 1737257306, @@ -1691,63 +1687,63 @@ }, "nixpkgs_16": { "locked": { - "lastModified": 1717794163, - "narHash": "sha256-Ch6ZpFPVvi7Bb6gmmuufpTEFkXqa43pC94XMfU5FEt0=", + "lastModified": 1737717945, + "narHash": "sha256-ET91TMkab3PmOZnqiJQYOtSGvSTvGeHoegAv4zcTefM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "121f68ed7c6c32de5a8ce91a08ef25713d1c4755", + "rev": "ecd26a469ac56357fd333946a99086e992452b6a", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable-small", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_17": { "locked": { - "lastModified": 1737062831, - "narHash": "sha256-Tbk1MZbtV2s5aG+iM99U8FqwxU/YNArMcWAv6clcsBc=", + "lastModified": 1717794163, + "narHash": "sha256-Ch6ZpFPVvi7Bb6gmmuufpTEFkXqa43pC94XMfU5FEt0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5df43628fdf08d642be8ba5b3625a6c70731c19c", + "rev": "121f68ed7c6c32de5a8ce91a08ef25713d1c4755", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixos-unstable-small", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_18": { "locked": { - "lastModified": 1737824033, - "narHash": "sha256-7USAnEUf3idXLhXSmBbLWQWErxQ8el+pGLPlEbszIFI=", - "owner": "nixos", + "lastModified": 1737062831, + "narHash": "sha256-Tbk1MZbtV2s5aG+iM99U8FqwxU/YNArMcWAv6clcsBc=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "fb8a07b82e3d8e541cd7a8bc0a0147f2c981f3fe", + "rev": "5df43628fdf08d642be8ba5b3625a6c70731c19c", "type": "github" }, "original": { - "owner": "nixos", + "owner": "NixOS", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_19": { "locked": { - "lastModified": 1737632463, - "narHash": "sha256-38J9QfeGSej341ouwzqf77WIHAScihAKCt8PQJ+NH28=", + "lastModified": 1737824033, + "narHash": "sha256-7USAnEUf3idXLhXSmBbLWQWErxQ8el+pGLPlEbszIFI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "0aa475546ed21629c4f5bbf90e38c846a99ec9e9", + "rev": "fb8a07b82e3d8e541cd7a8bc0a0147f2c981f3fe", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } @@ -1766,6 +1762,22 @@ } }, "nixpkgs_20": { + "locked": { + "lastModified": 1737632463, + "narHash": "sha256-38J9QfeGSej341ouwzqf77WIHAScihAKCt8PQJ+NH28=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "0aa475546ed21629c4f5bbf90e38c846a99ec9e9", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_21": { "locked": { "lastModified": 1704290814, "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=", @@ -1781,7 +1793,7 @@ "type": "github" } }, - "nixpkgs_21": { + "nixpkgs_22": { "locked": { "lastModified": 1731763621, "narHash": "sha256-ddcX4lQL0X05AYkrkV2LMFgGdRvgap7Ho8kgon3iWZk=", @@ -1797,7 +1809,7 @@ "type": "github" } }, - "nixpkgs_22": { + "nixpkgs_23": { "locked": { "lastModified": 1735554305, "narHash": "sha256-zExSA1i/b+1NMRhGGLtNfFGXgLtgo+dcuzHzaWA6w3Q=", @@ -1813,7 +1825,7 @@ "type": "github" } }, - "nixpkgs_23": { + "nixpkgs_24": { "locked": { "lastModified": 1735471104, "narHash": "sha256-0q9NGQySwDQc7RhAV2ukfnu7Gxa5/ybJ2ANT8DQrQrs=", @@ -1829,7 +1841,7 @@ "type": "github" } }, - "nixpkgs_24": { + "nixpkgs_25": { "locked": { "lastModified": 1735821806, "narHash": "sha256-cuNapx/uQeCgeuhUhdck3JKbgpsml259sjUQnWM7zW8=", @@ -1985,7 +1997,7 @@ "nur": { "inputs": { "flake-parts": "flake-parts_7", - "nixpkgs": "nixpkgs_19", + "nixpkgs": "nixpkgs_20", "treefmt-nix": "treefmt-nix_3" }, "locked": { @@ -2109,7 +2121,7 @@ "nix-flatpak": "nix-flatpak", "nix-index-database": "nix-index-database", "nixos-wsl": "nixos-wsl", - "nixpkgs": "nixpkgs_18", + "nixpkgs": "nixpkgs_19", "nixpkgs-master": "nixpkgs-master_2", "nixpkgs-rocm": "nixpkgs-rocm", "nixpkgs-unstable": "nixpkgs-unstable", @@ -2161,10 +2173,7 @@ }, "rust-overlay_2": { "inputs": { - "flake-utils": [ - "lanzaboote", - "flake-utils" - ], + "flake-utils": "flake-utils_3", "nixpkgs": [ "lanzaboote", "nixpkgs" @@ -2224,7 +2233,7 @@ "snowfall-flake": { "inputs": { "flake-compat": "flake-compat_7", - "nixpkgs": "nixpkgs_20", + "nixpkgs": "nixpkgs_21", "snowfall-lib": "snowfall-lib" }, "locked": { @@ -2289,7 +2298,7 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_21" + "nixpkgs": "nixpkgs_22" }, "locked": { "lastModified": 1737411508, @@ -2488,7 +2497,7 @@ }, "treefmt-nix_4": { "inputs": { - "nixpkgs": "nixpkgs_22" + "nixpkgs": "nixpkgs_23" }, "locked": { "lastModified": 1737483750, @@ -2525,7 +2534,7 @@ "waybar": { "inputs": { "flake-compat": "flake-compat_10", - "nixpkgs": "nixpkgs_23" + "nixpkgs": "nixpkgs_24" }, "locked": { "lastModified": 1737793892, @@ -2547,7 +2556,7 @@ "freetype2": "freetype2", "harfbuzz": "harfbuzz", "libpng": "libpng", - "nixpkgs": "nixpkgs_24", + "nixpkgs": "nixpkgs_25", "rust-overlay": "rust-overlay_3", "zlib": "zlib" }, diff --git a/flake.nix b/flake.nix index 3cb4bdebe..118fe319b 100644 --- a/flake.nix +++ b/flake.nix @@ -22,7 +22,7 @@ # home-manager.url = "git+file:///Users/khaneliman/Documents/github/home-manager"; # Secure boot - lanzaboote.url = "github:nix-community/lanzaboote/v0.4.1"; + lanzaboote.url = "github:nix-community/lanzaboote/v0.4.2"; # nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs"; diff --git a/modules/nixos/system/boot/default.nix b/modules/nixos/system/boot/default.nix index 16059c3ec..33313cb8e 100644 --- a/modules/nixos/system/boot/default.nix +++ b/modules/nixos/system/boot/default.nix @@ -57,7 +57,7 @@ in lanzaboote = mkIf cfg.secureBoot { enable = true; - pkiBundle = "/etc/secureboot"; + pkiBundle = "/var/lib/sbctl"; }; loader = { diff --git a/templates/snowfall/modules/nixos/system/boot/default.nix b/templates/snowfall/modules/nixos/system/boot/default.nix index 229b2476c..e95cf47f8 100644 --- a/templates/snowfall/modules/nixos/system/boot/default.nix +++ b/templates/snowfall/modules/nixos/system/boot/default.nix @@ -58,7 +58,7 @@ in lanzaboote = mkIf cfg.secureBoot { enable = true; - pkiBundle = "/etc/secureboot"; + pkiBundle = "/var/lib/sbctl"; }; loader = {