diff --git a/flake.lock b/flake.lock index 7f22d0a..9ca62fe 100644 --- a/flake.lock +++ b/flake.lock @@ -21,27 +21,6 @@ "type": "github" } }, - "crane": { - "inputs": { - "nixpkgs": [ - "lanzaboote", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1721842668, - "narHash": "sha256-k3oiD2z2AAwBFLa4+xfU+7G5fisRXfkvrMTCJrjZzXo=", - "owner": "ipetkov", - "repo": "crane", - "rev": "529c1a0b1f29f0d78fa3086b8f6a134c71ef3aaf", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, "darwin": { "inputs": { "nixpkgs": [ @@ -136,44 +115,7 @@ "type": "github" } }, - "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "lanzaboote", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1719994518, - "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_2": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_2" }, @@ -191,7 +133,7 @@ "type": "github" } }, - "flake-parts_3": { + "flake-parts_2": { "inputs": { "nixpkgs-lib": [ "nixThePlanet", @@ -212,7 +154,7 @@ "type": "indirect" } }, - "flake-parts_4": { + "flake-parts_3": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_3" }, 
@@ -343,31 +285,9 @@ "type": "github" } }, - "gitignore_2": { - "inputs": { - "nixpkgs": [ - "lanzaboote", - "pre-commit-hooks-nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, "hercules-ci-effects": { "inputs": { - "flake-parts": "flake-parts_3", + "flake-parts": "flake-parts_2", "nixpkgs": "nixpkgs_4" }, "locked": { @@ -433,11 +353,11 @@ ] }, "locked": { - "lastModified": 1726985855, - "narHash": "sha256-NJPGK030Y3qETpWBhj9oobDQRbXdXOPxtu+YgGvZ84o=", + "lastModified": 1726902823, + "narHash": "sha256-Gkc7pwTVLKj4HSvRt8tXNvosl8RS9hrBAEhOjAE0Tt4=", "owner": "nix-community", "repo": "home-manager", - "rev": "04213d1ce4221f5d9b40bcee30706ce9a91d148d", + "rev": "14929f7089268481d86b83ed31ffd88713dcd415", "type": "github" }, "original": { @@ -499,31 +419,6 @@ "type": "github" } }, - "lanzaboote": { - "inputs": { - "crane": "crane", - "flake-compat": "flake-compat_2", - "flake-parts": "flake-parts", - "nixpkgs": [ - "nixpkgs" - ], - "pre-commit-hooks-nix": "pre-commit-hooks-nix", - "rust-overlay": "rust-overlay" - }, - "locked": { - "lastModified": 1725379389, - "narHash": "sha256-qS1H/5/20ewJIXmf8FN2A5KTOKKU9elWvCPwdBi1P/U=", - "owner": "nix-community", - "repo": "lanzaboote", - "rev": "e7bd94e0b5ff3c1e686f2101004ebf4fcea9d871", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "lanzaboote", - "type": "github" - } - }, "lix": { "flake": false, "locked": { 
@@ -568,11 +463,11 @@ "mobile-nixos": { "flake": false, "locked": { - "lastModified": 1726960027, - "narHash": "sha256-BJe+6Gpqu98Mhi1oAfrJK25SZvvQgfYqpmLaXvXgQ9g=", + "lastModified": 1725601293, + "narHash": "sha256-PLk1m0ZukClV+qrszd6WaNclpge8zGsSBTOAwYB9es4=", "owner": "NixOS", "repo": "mobile-nixos", - "rev": "a386813d9ec46fa32e51488f7d48c0e1bde77f8e", + "rev": "672f8299e484301994858d9220921309f631d616", "type": "github" }, "original": { @@ -637,11 +532,11 @@ ] }, "locked": { - "lastModified": 1727003835, - "narHash": "sha256-Cfllbt/ADfO8oxbT984MhPHR6FJBaglsr1SxtDGbpec=", + "lastModified": 1726742753, + "narHash": "sha256-QclpWrIFIg/yvWRiOUaMp1WR+TGUE9tb7RE31xHlxWc=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "bd7d1e3912d40f799c5c0f7e5820ec950f1e0b3d", + "rev": "c03f85fa42d68d1056ca1740f3113b04f3addff2", "type": "github" }, "original": { @@ -652,7 +547,7 @@ }, "nixThePlanet": { "inputs": { - "flake-parts": "flake-parts_2", + "flake-parts": "flake-parts", "hercules-ci-effects": "hercules-ci-effects", "nixpkgs": [ "nixpkgs" @@ -817,22 +712,6 @@ "type": "github" } }, - "nixpkgs-stable_2": { - "locked": { - "lastModified": 1720386169, - "narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "194846768975b7ad2c4988bdb82572c00222c0d7", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { "lastModified": 1720181791, @@ -882,11 +761,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1727007089, - "narHash": "sha256-vsyRYF7MSJE5FHrQdcY3g+CORy6K/6NW+Cw00+VvNy0=", + "lastModified": 1726930246, + "narHash": "sha256-BG4Qyero2a5DsfC4CDT5Jx9l7h4/N0/7JD0agHoBSGk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9c711566cde5929768e311413eaa2399631624ce", + "rev": "29768748c8e6ce4e9b1fba2b5a978576ece5b3a4", "type": "github" }, "original": { 
@@ -995,33 +874,6 @@ "type": "gitlab" } }, - "pre-commit-hooks-nix": { - "inputs": { - "flake-compat": [ - "lanzaboote", - "flake-compat" - ], - "gitignore": "gitignore_2", - "nixpkgs": [ - "lanzaboote", - "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable_2" - }, - "locked": { - "lastModified": 1721042469, - "narHash": "sha256-6FPUl7HVtvRHCCBQne7Ylp4p+dpP3P/OYuzjztZ4s70=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "f451c19376071a90d8c58ab1a953c6e9840527fd", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "type": "github" - } - }, "purescript-overlay": { "inputs": { "nixpkgs": [ @@ -1064,7 +916,7 @@ "rock5b": { "inputs": { "fan-control": "fan-control", - "flake-parts": "flake-parts_4", + "flake-parts": "flake-parts_3", "kernel-src": "kernel-src", "nixpkgs": "nixpkgs_6", "nixpkgs-kernel": "nixpkgs-kernel", @@ -1096,7 +948,6 @@ "homeManager": "homeManager", "homeManagerGitWorkspace": "homeManagerGitWorkspace", "impermanence": "impermanence", - "lanzaboote": "lanzaboote", "lix": "lix", "lix-module": "lix-module", "mobile-nixos": "mobile-nixos", @@ -1110,27 +961,6 @@ "vscode-server": "vscode-server" } }, - "rust-overlay": { - "inputs": { - "nixpkgs": [ - "lanzaboote", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1722219664, - "narHash": "sha256-xMOJ+HW4yj6e69PvieohUJ3dBSdgCfvI0nnCEe6/yVc=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "a6fbda5d9a14fb5f7c69b8489d24afeb349c7bb4", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, "scss-reset": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index 65cf299..d4bf146 100644 --- a/flake.nix +++ b/flake.nix 
@@ -55,10 +55,6 @@
 };
 impermanence.url = "github:nix-community/impermanence";
 vscode-server.url = "github:nix-community/nixos-vscode-server";
- lanzaboote = {
- url = "github:nix-community/lanzaboote";
- inputs.nixpkgs.follows = "nixpkgs";
- };
 };
 outputs =
diff --git a/hosts/default.nix b/hosts/default.nix
index 18e0bc7..748d6a4 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -11,6 +11,66 @@ nixOnDroidHosts.janeway = { }; hosts = { + # thinkpad = { + # extraModules = with inputs; [ + # nixosHardware.nixosModules.lenovo-thinkpad-x1-7th-gen + # buildbot-nix.nixosModules.buildbot-master + # buildbot-nix.nixosModules.buildbot-worker + # ]; + # extraHmModules = with inputs; [ + # ccrEmacs.hmModules.default + # { + # # TODO: remove after https://github.com/nix-community/home-manager/pull/3811 + # imports = let + # hmModules = "${inputs.homeManagerGitWorkspace}/modules"; + # in [ + # "${hmModules}/services/git-workspace.nix" + # ]; + # } + # ]; + # overlays = [inputs.nil.overlays.default]; + # secrets = { + # "thinkpad-wireguard-private-key" = {}; + # "cachix-personal-token".owner = "ccr"; + # "autistici-password".owner = "ccr"; + # "git-workspace-tokens".owner = "ccr"; + # "chatgpt-token".owner = "ccr"; + # }; + # }; + # rock5b = { + # system = "aarch64-linux"; + # extraModules = with inputs; [ + # disko.nixosModules.disko + # rock5b.nixosModules.default + # ]; + # secrets = { + # "rock5b-wireguard-private-key" = {}; + # "hercules-ci-join-token".owner = "hercules-ci-agent"; + # "hercules-ci-binary-caches".owner = "hercules-ci-agent"; + # "cachix-personal-token".owner = "ccr"; + # "home-planimetry".owner = "hass"; + # "cloudflare-dyndns-api-token" = {}; + # # "nextcloud-admin-pass".owner = "nextcloud"; + # # "aws-credentials" = {}; + # }; + # colmena.deployment.buildOnTarget = true; + # }; + # pbp = { + # system = "aarch64-linux"; + # extraModules = with inputs; [ + # nixosHardware.nixosModules.pine64-pinebook-pro + # disko.nixosModules.disko + # ]; + # extraHmModules = [ + # inputs.ccrEmacs.hmModules.default + # ]; + # secrets = { + # "pbp-wireguard-private-key" = {}; + # "cachix-personal-token".owner = "ccr"; + # "chatgpt-token".owner = "ccr"; + # }; + # }; + deltaflyer = { nixpkgs = let 
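Review bot: The roughly sixty lines added at the top of `hosts` are commented-out definitions for thinkpad, rock5b and pbp, so they build nothing but still list the secret names and owners of hosts that are no longer deployed. Git history already keeps the old definitions; I would drop the block and leave a one-line pointer such as `# thinkpad, rock5b, pbp: retired, see git history`. If the hosts are expected to come back, a short comment saying what blocks re-enabling them would serve better than dead code. The `hosts` attribute set continues outside this hunk.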
@@ -46,6 +106,7 @@
 inputs.lix-module.nixosModules.default
 ];
 extraHmModules = [
+ # inputs.ccrEmacs.hmModules.default
 "${inputs.homeManagerGitWorkspace}/modules/services/git-workspace.nix"
 ];
 secrets = {
@@ -67,7 +128,7 @@
 inputs.disko.nixosModules.disko
 inputs.nixThePlanet.nixosModules.macos-ventura
 inputs.lix-module.nixosModules.default
- inputs.lanzaboote.nixosModules.lanzaboote
+ # inputs.hercules-ci-agent.nixosModules.agent-service
 ];
 extraHmModules = [
 # inputs.ccrEmacs.hmModules.default
@@ -78,9 +139,13 @@
 "picard-wireguard-private-key" = { };
 "chatgpt-token".owner = "ccr";
 "cachix-personal-token".owner = "ccr";
+ "hercules-ci-join-token".owner = "hercules-ci-agent";
+ "hercules-ci-binary-caches".owner = "hercules-ci-agent";
+ "hercules-ci-secrets-json".owner = "hercules-ci-agent";
 "git-workspace-tokens".owner = "ccr";
 "autistici-password".owner = "ccr";
 "restic-hetzner-password" = { };
+ "aws-credentials".owner = "hercules-ci-agent";
 "forgejo-runners-token".owner = "nixuser";
 "forgejo-nix-access-tokens".owner = "nixuser";
 };
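Review bot: The four secrets added for picard in the last hunk on this line are all owned by `hercules-ci-agent`, yet the only visible import of the agent module, `# inputs.hercules-ci-agent.nixosModules.agent-service` in the hunk before it, is commented out. Whether that user exists depends on the `hercules-ci` module that hosts/picard/default.nix now lists, which is not shown here; if it does not create the user, the ownership cannot be applied, so this is worth confirming. The same question applies to the three `hercules-ci-*` secrets added for sisko in the next hunk, where no such module is visible at all. `"aws-credentials".owner = "hercules-ci-agent"` hands cloud credentials to a CI agent, so a comment stating which bucket or role they are limited to would make the least-privilege intent reviewable.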
@@ -95,16 +160,26 @@
 extraModules = with inputs; [
 disko.nixosModules.disko
 impermanence.nixosModules.impermanence
+ # lix-module.nixosModules.default
+ # inputs.hercules-ci-agent.nixosModules.agent-service;
+ # rock5b.nixosModules.default
 ];
 secrets = {
 "sisko-wireguard-private-key" = { };
+ "hercules-ci-join-token".owner = "hercules-ci-agent";
+ "hercules-ci-binary-caches".owner = "hercules-ci-agent";
+ "hercules-ci-secrets-json".owner = "hercules-ci-agent";
 "cachix-personal-token".owner = "ccr";
 "home-planimetry".owner = "hass";
 "home-assistant-token".owner = "prometheus";
 "grafana-password".owner = "grafana";
 "cloudflare-dyndns-api-token" = { };
 "restic-hetzner-password" = { };
+ # "minio-credentials".owner = "minio";
+ # "aws-credentials".owner = "hercules-ci-agent";
 "hass-ssh-key".owner = "hass";
+ # "matrix-registration-shared-secret".owner = "matrix-synapse";
+ # "matrix-sliding-sync-secret".owner = "matrix-synapse";
 "autistici-password" = {
 # FIXME terrible, should create a third ad-hoc group
 owner = "grafana";
diff --git a/hosts/picard/default.nix b/hosts/picard/default.nix
index 509a13a..8f4be62 100644
--- a/hosts/picard/default.nix
+++ b/hosts/picard/default.nix
@@ -26,6 +26,7 @@
 "waydroid"
 "virt-manager"
 "ssh-initrd"
+ "hercules-ci"
 "printing"
 "pam"
 "wireguard-client"
@@ -128,15 +129,12 @@
 boot.loader.efi.canTouchEfiVariables = true;
 boot.loader.systemd-boot = {
- enable = lib.mkForce false; # needed by lanzaboote
- };
- boot.lanzaboote = {
 enable = true;
- pkiBundle = "/etc/secureboot";
 configurationLimit = 20;
 };
- boot.kernelPackages = pkgs.linuxKernel.packages.linux_6_10;
+ # boot.kernelPackages = pkgs.linuxKernel.packages.linux_6_8;
+ boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
 networking.hostId = "5b02e763";
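Review bot: Turning `boot.loader.systemd-boot.enable` back to `true` and removing `boot.lanzaboote` in the last hunk of hosts/picard/default.nix leaves picard's kernel and initrd unsigned for Secure Boot, and nothing in the hunk records why. The host also lists `ssh-initrd` (context of the previous hunk), so the initrd presumably handles remote unlock and is now unverified; that trade-off deserves a comment such as `# Secure Boot (lanzaboote) disabled: <REASON>; boot chain is unsigned`. If Secure Boot is still enforced in firmware the unsigned entries will likely be rejected, so the firmware setting and the keys left under `/etc/secureboot` need handling alongside this change. Separately, `latestCompatibleLinuxPackages` lets the kernel version follow the ZFS package rather than the previously pinned `linux_6_10`, and the leftover `# boot.kernelPackages = … linux_6_8;` line should either go or say which kernel is intended.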