lanzaboote

2025-11-24 11:33:48 -06:00
parent bb788d1de3
commit c9d5d469c8
3 changed files with 27 additions and 42 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -123,11 +123,11 @@
    },
    "crane": {
      "locked": {
-        "lastModified": 1731098351,
-        "narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=",
+        "lastModified": 1754269165,
+        "narHash": "sha256-0tcS8FHd4QjbCVoxN9jI+PjHgA4vc/IjkUSp+N3zy0U=",
        "owner": "ipetkov",
        "repo": "crane",
-        "rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28",
+        "rev": "444e81206df3f7d92780680e45858e31d2f07a08",
        "type": "github"
      },
      "original": {
@@ -209,11 +209,11 @@
    "flake-compat_3": {
      "flake": false,
      "locked": {
-        "lastModified": 1696426674,
-        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "lastModified": 1747046372,
+        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
        "owner": "edolstra",
        "repo": "flake-compat",
-        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
        "type": "github"
      },
      "original": {
@@ -310,11 +310,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1730504689,
-        "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
+        "lastModified": 1754091436,
+        "narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "506278e768c2a08bec68eb62932193e341f55c90",
+        "rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd",
        "type": "github"
      },
      "original": {
@@ -612,16 +612,16 @@
        "rust-overlay": "rust-overlay_3"
      },
      "locked": {
-        "lastModified": 1737639419,
-        "narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=",
+        "lastModified": 1762205063,
+        "narHash": "sha256-If6vQ+KvtKs3ARBO9G3l+4wFSCYtRBrwX1z+I+B61wQ=",
        "owner": "nix-community",
        "repo": "lanzaboote",
-        "rev": "a65905a09e2c43ff63be8c0e86a93712361f871e",
+        "rev": "88b8a563ff5704f4e8d8e5118fb911fa2110ca05",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
-        "ref": "v0.4.2",
+        "ref": "v0.4.3",
        "repo": "lanzaboote",
        "type": "github"
      }
@@ -941,22 +941,6 @@
      }
    },
    "nixpkgs-stable_2": {
-      "locked": {
-        "lastModified": 1730741070,
-        "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-24.05",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs-stable_3": {
      "locked": {
        "lastModified": 1763049705,
        "narHash": "sha256-A5LS0AJZ1yDPTa2fHxufZN++n8MCmtgrJDtxFxrH4S8=",
@@ -1134,11 +1118,11 @@
    },
    "nixpkgs_6": {
      "locked": {
-        "lastModified": 1731919951,
-        "narHash": "sha256-vOM6ETpl1yu9KLi/icTmLJIPbbdJCdAVYUXZceO/Ce4=",
+        "lastModified": 1754243818,
+        "narHash": "sha256-sEPw2W01UPf0xNGnMGNZIaE1XHkk7O+lLLetYEXVZHk=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "04386ac325a813047fc314d4b4d838a5b1e3c7fe",
+        "rev": "c460617dfb709a67d18bb31e15e455390ee4ee1c",
        "type": "github"
      },
      "original": {
@@ -1206,15 +1190,14 @@
        "nixpkgs": [
          "lanzaboote",
          "nixpkgs"
-        ],
-        "nixpkgs-stable": "nixpkgs-stable_2"
+        ]
      },
      "locked": {
-        "lastModified": 1731363552,
-        "narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=",
+        "lastModified": 1750779888,
+        "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=",
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
-        "rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0",
+        "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
        "type": "github"
      },
      "original": {
@@ -1316,7 +1299,7 @@
        "nixos-hardware": "nixos-hardware",
        "nixos-raspberrypi": "nixos-raspberrypi",
        "nixpkgs": "nixpkgs_13",
-        "nixpkgs-stable": "nixpkgs-stable_3",
+        "nixpkgs-stable": "nixpkgs-stable_2",
        "pre-commit-hooks-nix": "pre-commit-hooks-nix_2",
        "snowfall-lib": "snowfall-lib",
        "sops-nix": "sops-nix",
@@ -1374,11 +1357,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1731897198,
-        "narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=",
+        "lastModified": 1761791894,
+        "narHash": "sha256-myRIDh+PxaREz+z9LzbqBJF+SnTFJwkthKDX9zMyddY=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "0be641045af6d8666c11c2c40e45ffc9667839b5",
+        "rev": "59c45eb69d9222a4362673141e00ff77842cd219",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -19,7 +19,7 @@

    impermanence.url = "github:nix-community/impermanence";

-    lanzaboote.url = "github:nix-community/lanzaboote/v0.4.2";
+    lanzaboote.url = "github:nix-community/lanzaboote/v0.4.3";

    nixos-hardware.url = "github:NixOS/nixos-hardware/master";

--- a/modules/nixos/hardware/raspberry-pi/default.nix
+++ b/modules/nixos/hardware/raspberry-pi/default.nix
@@ -51,6 +51,8 @@ in
    # Pi specific settings
    hardware.graphics.enable32Bit = lib.mkForce false;

+    boot.loader.raspberry-pi.bootloader = if cfg.variant == "5" then "kernel" else "uboot";
+
    # Pi specific system tags
    system.nixos.tags = (
      let