
feat(pm/redhead): enable secure boot

I want to make booting not need a PIN/security key press, and therefore
I want to make sure that I'm booting only what is explicitly permitted.

Therefore, let's use lanzaboote! I've set it up before, so it's
relatively simple.

Changed files
+47
packetmix
+16
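--- a/packetmix/npins/sources.json
+++ b/packetmix/npins/sources.json
@@ -159,6 +159,22 @@
       "url": "https://github.com/nix-community/impermanence/archive/4b3e914cdf97a5b536a889e939fb2fd2b043a170.tar.gz",
       "hash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI="
     },
+    "lanzaboote": {
+      "type": "GitRelease",
+      "repository": {
+        "type": "GitHub",
+        "owner": "nix-community",
+        "repo": "lanzaboote"
+      },
+      "pre_releases": false,
+      "version_upper_bound": null,
+      "release_prefix": null,
+      "submodules": false,
+      "version": "v0.4.2",
+      "revision": "f0212638a2ec787a7841882f4477d40ae24f0a5d",
+      "url": "https://api.github.com/repos/nix-community/lanzaboote/tarball/refs/tags/v0.4.2",
+      "hash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU="
+    },
     "lix": {
       "type": "Git",
       "repository": {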
+28
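--- /dev/null
+++ b/packetmix/systems/redhead/lanzaboote.nix
@@ -0,0 +1,28 @@
+# SPDX-FileCopyrightText: 2025 FreshlyBakedCake
+#
+# SPDX-License-Identifier: MIT
+
+{ project, pkgs, lib, ... }:
+{
+  imports = [ project.inputs.lanzaboote.result.nixosModules.lanzaboote ];
+
+  environment.systemPackages = [
+    pkgs.sbctl
+  ];
+
+  boot.loader.systemd-boot.enable = lib.mkForce false;
+  boot.lanzaboote = {
+    enable = true;
+    pkiBundle = "/var/lib/sbctl";
+    publicKeyFile = "/secrets/lanzaboote/db/db.pem";
+    privateKeyFile = "/secrets/lanzaboote/db/db.key";
+  };
+
+  environment.etc."sbctl/sbctl.conf".text = builtins.toJSON {
+    keydir = "/secrets/lanzaboote";
+  };
+
+  clicks.storage.impermanence.persist.directories = [
+    "/var/lib/sbctl"
+  ];
+}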
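Review bot: The private signing key is read from `/secrets/lanzaboote/db/db.key` on the booted system, but nothing in this file says how `/secrets/lanzaboote` is provisioned, who may read it, or whether it survives impermanence — only `/var/lib/sbctl` is added to `persist.directories`, while `sbctl.conf` points `keydir` at `/secrets/lanzaboote`, so the two directories are easy to confuse. Presumably `/secrets` is persisted and root-only elsewhere in the configuration; if it is not, the key is gone after a reboot and the next rebuild fails to sign. Because the db signing key lives on the running host, the property the commit message aims for ("booting only what is explicitly permitted") holds against offline modification of the ESP, not against anything that already has root on this machine, which matters when this replaces the PIN/security-key step. A short comment above `boot.lanzaboote` would make this explicit, e.g. `# Signing keys (sbctl keydir) live in /secrets/lanzaboote: root-only, persisted outside this module; /var/lib/sbctl only holds sbctl state.`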
+3
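--- /dev/null
+++ b/packetmix/workspace.josh.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2025 FreshlyBakedCake
+
+SPDX-License-Identifier: CC0-1.0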