min
/
lanzaboote
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #25 from nix-community/flake 

Deduplicate nixpkgs in Flakes Inputs
This commit is contained in:
Julian Stecklina 2022-12-11 14:47:27 +00:00 committed by GitHub
parent 06da27529f 3a0a8e7d71
commit 1a63419003
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 24 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
flake.lock
View File

@ -3,11 +3,15 @@
"crane": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"flake-utils": [
"flake-utils"
],
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay"
"rust-overlay": [
"rust-overlay"
]
},
"locked": {
"lastModified": 1669605882,
@ -54,21 +58,6 @@
"type": "github"
}
},
"flake-utils_2": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1669535121,
@ -101,60 +90,24 @@
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1665296151,
"narHash": "sha256-uOB0oxqxN9K7XGF1hcnY+PQnlQJ+3bP2vCn/+Ru/bbc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "14ccaaedd95a488dd7ae142757884d8e125b3363",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"crane": "crane",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs",
"nixpkgs-test": "nixpkgs-test",
"rust-overlay": "rust-overlay_2"
"rust-overlay": "rust-overlay"
}
},
"rust-overlay": {
"inputs": {
"flake-utils": [
"crane",
"flake-utils"
],
"nixpkgs": [
"crane",
"nixpkgs"
]
},
"locked": {
"lastModified": 1667487142,
"narHash": "sha256-bVuzLs1ZVggJAbJmEDVO9G6p8BH3HRaolK70KXvnWnU=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "cf668f737ac986c0a89e83b6b2e3c5ddbd8cf33b",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_2": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1669602829,
"narHash": "sha256-I3LBvBiVui4Rf0iQvTqUIgBovaLDzpOzsoNEzCsDowg=",

17
flake.nix
View File

@ -7,13 +7,21 @@
crane = {
url = "github:ipetkov/crane";
inputs.nixpkgs.follows = "nixpkgs";
inputs.rust-overlay.follows = "rust-overlay";
inputs.flake-utils.follows = "flake-utils";
};
nixpkgs-test.url = "github:RaitoBezarius/nixpkgs/experimental-secureboot";
rust-overlay.url = "github:oxalica/rust-overlay";
rust-overlay = {
url = "github:oxalica/rust-overlay";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
};
flake-utils.url = "github:numtide/flake-utils";
};
outputs = { self, nixpkgs, crane, nixpkgs-test, rust-overlay }:
outputs = { self, nixpkgs, crane, nixpkgs-test, rust-overlay, ... }:
let
pkgs = import nixpkgs {
system = "x86_64-linux";
@ -85,7 +93,10 @@
inherit lanzatool;
};
nixosModules.lanzaboote = import ./nix/lanzaboote.nix;
nixosModules.lanzaboote = { pkgs, lib, ... }: {
imports = [ ./nix/lanzaboote.nix ];
boot.lanzaboote.package = lib.mkDefault self.packages.${pkgs.system}.lanzatool;
};
packages.x86_64-linux = {
inherit lanzaboote lanzatool;

5
nix/lanzaboote.nix
View File

@ -12,17 +12,16 @@ in
enrollKeys = mkEnableOption "Automatic enrollment of the keys using sbctl";
pkiBundle = mkOption {
type = types.nullOr types.path;
default = null;
description = "PKI bundle containg db, PK, KEK";
};
publicKeyFile = mkOption {
type = types.path;
default = if cfg.pkiBundle != null then "${cfg.pkiBundle}/keys/db/db.pem" else null;
default = "${cfg.pkiBundle}/keys/db/db.pem";
description = "Public key to sign your boot files";
};
privateKeyFile = mkOption {
type = types.path;
default = if cfg.pkiBundle != null then "${cfg.pkiBundle}/keys/db/db.key" else null;
default = "${cfg.pkiBundle}/keys/db/db.key";
description = "Private key to sign your boot files";
};
package = mkOption {