From afd14b2ae644bc8d774b7eaddad385199689c937 Mon Sep 17 00:00:00 2001 From: Taylor Bockman Date: Mon, 6 Jun 2016 20:00:35 -0700 Subject: [PATCH] Add nix files --- dotfiles/gitconfig | 0 nix/INSTALLATION.md | 99 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 99 insertions(+) create mode 100644 dotfiles/gitconfig create mode 100644 nix/INSTALLATION.md diff --git a/dotfiles/gitconfig b/dotfiles/gitconfig new file mode 100644 index 0000000..e69de29 diff --git a/nix/INSTALLATION.md b/nix/INSTALLATION.md new file mode 100644 index 0000000..d38a542 --- /dev/null +++ b/nix/INSTALLATION.md @@ -0,0 +1,99 @@ +# INSTALLING ENCRYPTED NIX OS + +This is just a random jumbling of notes I took when I installed Nix on my T440s. + +## Partitioning + +I used the graphical installer and gparted to do partitioning. + + +First, the partition table should be GPT. + +1MB grub data partition - EXT4 and bios_grub flag set. I called this partition "grub". Make sure to click "apply". +Otherwise it will not let you right click -> manage flags to set `bios_grub` to true. + +1GB boot partition - on the large side but I have 500GB to spend. Set this to fat32. Flags are "boot" and "esp". + +Finally use the remaining space in one big partition, format it to EXT4 with the lvm flag, and commit it. + +## Disk Encryption + +The large LVM partition above is our encrypted partition. + +Type `cryptSetup luksFormat /dev/sdX3` where `sdX` is the drive name. Enter a good password. Not used anywhere +else. + +Now we need to create the partitions + +`cryptsetup luksOpen /dev/sdX3 enc-pv` and enter the password from above. + +`pvcreate /dev/mapper/enc-pv` to initialize the partition. + +`vgcreate vg /dev/mapper/enc-pv` to create the volume group `vg` on `/dev/mapper/enc-pv` from above. + +`lvcreate -L 16GB -n swap vg` to create a swap logical volume on vg. I went with 2x RAM_SIZE_IN_GB. This is a little +excessive and can be reduced quite a bit. + +`lvcreate -l 100%FREE -n root vg` to create the root logical volume on vg. This consumes the remaining space in the +volume group. + +## Partition Formatting and Mounting + +Since we used `gparted` it is not necessary to format the unencrypted partitions. + +For `root` however we need to format it `ext4` (or whatever format you want) and also configure the swap. + +`mkfs.ext4 -0 dir_index -j -L root /dev/vg/root` to format the root as `ext4`. + +`mkswap -L swap /dev/vg/swap`. + +Now let's mount these for installation: + +`mount /dev/vg/root /mnt` +`mkdir /mnt/boot` +`mount /dev/sdX2 /mnt/boot` +`swapon /dev/vg/swap` + +## Initial Nix Configuration + +Now we need to set up a barebones configuration so we can see if we can boot up. + +`nixos-generate-config --root /mnt` + +This will give us two files, `/etc/nixos/hardware-configuration.nix` and `/etc/nixos/configuration.nix` to set the +system up with. + +The defaults are fairly sane for an initial boot. Double check to make sure everything looks okay according to +your system specs. + +The major change we need to make is to let NixOS know we have an encrypted partition. Add the following into the +`configuration.nix` file. + +``` +boot.initrd.luks.devices = [ + { name = "root"; device = "/dev/sdX3"; preLVM = true; } +]; +``` + +I tend to keep my boot stuff grouped together near the top. + +We will keep the `gummiboot` related lines. `gummiboot` is a good enough bootloader for our purposes. + +In your `hardware-configuration.nix` file your boot partition may not have the right `fsType`. Change it to `vfat` if +necessary. + +Finally, add `networking.wireless.enable = true;` to the file so we can use `wpa_supplicant` when we boot back up. + +now type `reboot` to reboot. You should see gummiboot. + +## Installing the Rest of the System + +Now that the hardest part is over we can configure Nix. + +Let's begin by setting up a user. + +`useradd -m ` +`passwd ` +`groupadd -a -G wheel ` + +This will grant your user access to everything under sudo.