angrygoats
/
essentials
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
443 Commits
1 Branch
0 Tags
116 MiB
 
 
 
 
 
 
Tree: a86f293004
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a86f293004'
${ noResults }
essentials/nix/INSTALLATION.md

3.2 KiB
Raw Blame History

INSTALLING ENCRYPTED NIX OS

This is just a random jumbling of notes I took when I installed Nix on my T440s.

Partitioning

I used the graphical installer and gparted to do partitioning.

First, the partition table should be GPT.

1MB grub data partition - EXT4 and bios_grub flag set. I called this partition "grub". Make sure to click "apply". Otherwise it will not let you right click -> manage flags to set bios_grub to true.

1GB boot partition - on the large side but I have 500GB to spend. Set this to fat32. Flags are "boot" and "esp".

Finally use the remaining space in one big partition, format it to EXT4 with the lvm flag, and commit it.

Disk Encryption

The large LVM partition above is our encrypted partition.

Type cryptSetup luksFormat /dev/sdX3 where sdX is the drive name. Enter a good password. Not used anywhere else.

Now we need to create the partitions

cryptsetup luksOpen /dev/sdX3 enc-pv and enter the password from above.

pvcreate /dev/mapper/enc-pv to initialize the partition.

vgcreate vg /dev/mapper/enc-pv to create the volume group vg on /dev/mapper/enc-pv from above.

lvcreate -L 16GB -n swap vg to create a swap logical volume on vg. I went with 2x RAM_SIZE_IN_GB. This is a little excessive and can be reduced quite a bit.

lvcreate -l 100%FREE -n root vg to create the root logical volume on vg. This consumes the remaining space in the volume group.

Partition Formatting and Mounting

Since we used gparted it is not necessary to format the unencrypted partitions.

For root however we need to format it ext4 (or whatever format you want) and also configure the swap.

mkfs.ext4 -0 dir_index -j -L root /dev/vg/root to format the root as ext4.

mkswap -L swap /dev/vg/swap.

Now let's mount these for installation:

mount /dev/vg/root /mnt mkdir /mnt/boot mount /dev/sdX2 /mnt/boot swapon /dev/vg/swap

Initial Nix Configuration

Now we need to set up a barebones configuration so we can see if we can boot up.

nixos-generate-config --root /mnt

This will give us two files, /etc/nixos/hardware-configuration.nix and /etc/nixos/configuration.nix to set the system up with.

The defaults are fairly sane for an initial boot. Double check to make sure everything looks okay according to your system specs.

The major change we need to make is to let NixOS know we have an encrypted partition. Add the following into the configuration.nix file.

boot.initrd.luks.devices = [
  { name = "root"; device = "/dev/sdX3"; preLVM = true; }
];

I tend to keep my boot stuff grouped together near the top.

We will keep the gummiboot related lines. gummiboot is a good enough bootloader for our purposes.

In your hardware-configuration.nix file your boot partition may not have the right fsType. Change it to vfat if necessary.

Finally, add networking.wireless.enable = true; to the file so we can use wpa_supplicant when we boot back up.

now type reboot to reboot. You should see gummiboot.

Installing the Rest of the System

Now that the hardest part is over we can configure Nix.

Let's begin by setting up a user.

useradd -m <your_name> passwd <your_name> groupadd -a -G wheel <your_name>

This will grant your user access to everything under sudo.