Configuration to set up my NixOS instances.
| Name | CI Status |
|---|---|
| draugr | |
| fenrir | |
| tyr | |
| nixgard | |
| install-iso | |
Figure out what drive you want to use with fdisk -l or lsblk. You’ll need to use the entire disk, not single partitions.
Run
```
fdisk <drive>
```
We’ll create two physical partitions with gdisk:
- One efi partition
- One for nixos and everything else
The last one will be a container which will hold nixos and the swap partition.
First, remove all existing partitions from the drive with d. It will ask you every time about the partition you want to delete.
Then create the following partitions:
| Number | Type | Size | What |
|---|---|---|---|
| 1 | ef00 | +500M | The (u)efi partition |
| 2 | 8300 | | The one partition that’s going to hold the os and swap |
Next, we’re going to create an encrypted root container for the os/everything else partition with cryptsetup. If your output looks like mine from above, this is the third partition.
Create the encrypted container:
```
cryptsetup luksFormat <device>2
```
And open it:
```
cryptsetup open <device>2 nixenc
```
cryptsetup will ask you for a password on both commands. You will need to enter it on every boot once your system is installed.
Once the container is open, you have a /dev/mapper/nixenc device available as if it was a normal disk. Note that we specified the last part of that in the cryptsetup open command.
We’ll use a volume group to hold the swap and root partition. We could encrypt them individually, but using a volume group won’t require us to enter the password multiple times when booting the computer.
First, we’ll tell lvm to handle the luks device we just formatted as if it was a physical partition:
```
pvcreate /dev/mapper/nixenc
```
Then we’ll create the actual volume group and call it vg:
```
vgcreate vg /dev/mapper/nixenc
```
Now that we have a volume group, we can finally create the new volumes:
```
lvcreate -n swap -L 8GB vg # the swap partition
lvcreate -n root -l +100%FREE vg # root partition with the os and everything else
```
Both of these new volumes will appear at /dev/mapper/vg-swap and /dev/mapper/vg-root, ready to be formatted and used.
To actually use the volumes, you need to format them.
First, set up the boot partition on the first device:
```
mkfs.vfat -n boot <device>1
```
Then create and enable the swap partition:
```
mkswap /dev/mapper/vg-swap
swapon /dev/mapper/vg-swap
```
Enabling it will make nixos-generate-config detect it and put it in your hardware-configuration.nix. And you’ll be able to use it during the installation.
Lastly, create the actual btrfs root partition:
```
mkfs.btrfs -L root /dev/mapper/vg-root
```
If you want to set up btrfs subvolumes, now is a good time for that.
Mount the new btrfs partition to /mnt:
```
mount /dev/mapper/vg-root /mnt
```
And mount the uefi partition to /mnt/boot:
```
mkdir /mnt/boot
mount <device>1 /mnt/boot
```
Then run
```
nixos-generate-config --root /mnt
```
to generate a new nixos config.
Clone my nixos config to /var and then symlink it to /etc/nixos/configuration.nix so that nixos will pick it up and use it.
Note that you need to clone the repo to /mnt because that’s where the root os partition is mounted:
```
mkdir /mnt/var
cd /mnt/var
git clone [email protected]:rszamszur/nixos-config.git
```
To create the symlink, it’s important to create one with a relative path - nixos is not yet installed in / but in /mnt. I usually do something like this:
```
cd /mnt/etc/nixos
mv configuration.nix configuration.generated.nix
# Choose host to build
ln -s ../../var/nixos-config/hosts/draugr/configuration.nix configuration.nix
```
Usually, it’s a good idea to take a look at the auto generated hardware-configuration.nix and add it to the already existing config because it has all disks and everything else detected by nixos-generate-config.
You might have references to packages from the nixos unstable channel in your config. I usually add the unstable channel to my nix channels as nixos-unstable.
If you don’t have that channel available in nix channels, the installation will fail. To add it:
```
nix-channel --add https://nixos.org/channels/nixos-unstable nixos-unstable
```
Refresh the channels so they are actually usable:
```
nix-channel --update
```
To tell grub which device it should boot from, we need to tell it the root device. To do that, first figure out which uuid it has.
We’re going to use lsblk for that:
```
$ lsblk -o name,type,mountpoint,uuid
NAME          TYPE  MOUNTPOINT     UUID
loop0         loop  /nix/.ro-store
sda           disk                 1980-01-01-00-00-00-00
├─sda1        part  /iso           1980-01-01-00-00-00-00
└─sda2        part                 1234-5678
nvme0n1       disk
├─nvme0n1p1   part  /mnt/boot      8C6D-DD63
└─nvme0n1p2   part                 d6f3e071-f449-4aab-87f4-93ee3a3fbab1 # This is the uuid we're looking for
  └─nixenc    crypt                qtCMVj-QKcW-0rcm-Pyud-Fqzc-tA8f-inZp3M
    ├─vg-swap lvm   [SWAP]         a7208e31-c1e7-44b8-895c-d01d0b930508
    └─vg-root lvm   /mnt
```
Add the following entry to a boot.nix or hardware-configuration.nix file:
```
boot.initrd.luks.devices = {
  root = {
    device = "/dev/disk/by-uuid/<the uuid of the root partition from above>";
    preLVM = true;
    allowDiscards = true;
  };
};
```
Now that everything is set up, we can actually install the nixos system with:
```
nixos-install
```
Depending on your configuration, internet speed and hardware, this will take a while.
Once nixos-install has finished, reboot your system. If everything went well, it should greet you with a login screen.
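The uuid lookup from the lsblk step can be scripted so that the uuid of the LUKS partition itself, not the uuid of the opened nixenc mapping or of a volume inside it, ends up in boot.initrd.luks.devices. This is an added example, not part of the original repository: the function names and the FSTYPE/PKNAME columns of the sample are constructed, and the uuids are the ones from the lsblk output above.

```shell
#!/bin/sh
# Constructed sample in `lsblk -P` (key="value") format, using the uuids shown on this page.
SAMPLE_LSBLK='NAME="nvme0n1" TYPE="disk" FSTYPE="" UUID="" PKNAME=""
NAME="nvme0n1p1" TYPE="part" FSTYPE="vfat" UUID="8C6D-DD63" PKNAME="nvme0n1"
NAME="nvme0n1p2" TYPE="part" FSTYPE="crypto_LUKS" UUID="d6f3e071-f449-4aab-87f4-93ee3a3fbab1" PKNAME="nvme0n1"
NAME="nixenc" TYPE="crypt" FSTYPE="LVM2_member" UUID="qtCMVj-QKcW-0rcm-Pyud-Fqzc-tA8f-inZp3M" PKNAME="nvme0n1p2"
NAME="vg-swap" TYPE="lvm" FSTYPE="swap" UUID="a7208e31-c1e7-44b8-895c-d01d0b930508" PKNAME="dm-0"
NAME="vg-root" TYPE="lvm" FSTYPE="btrfs" UUID="" PKNAME="dm-0"'

# luks_uuid_for <mapper-name>: reads `lsblk -P` output on stdin and prints the
# uuid of the partition that backs the open crypt mapping (hypothetical helper).
luks_uuid_for() {
  awk -v want="$1" '
    # Extract the value of key k from the current key="value" line.
    function val(k) {
      if (!match(" " $0, " " k "=\"[^\"]*\"")) return ""
      return substr(" " $0, RSTART + length(k) + 3, RLENGTH - length(k) - 4)
    }
    {
      n = val("NAME"); fstype[n] = val("FSTYPE"); uuid[n] = val("UUID")
      if (val("TYPE") == "crypt" && n == want) parent = val("PKNAME")
    }
    END {
      if (parent == "") {
        print "no open crypt mapping named " want > "/dev/stderr"; exit 1
      }
      # Refuse anything that is not the LUKS header partition itself.
      if (fstype[parent] != "crypto_LUKS" || uuid[parent] == "") {
        print parent " is not a LUKS partition with a uuid" > "/dev/stderr"; exit 1
      }
      print uuid[parent]
    }'
}

# luks_nix_entry <mapper-name>: prints the entry from this page with the uuid filled in.
luks_nix_entry() {
  luks_uuid=$(luks_uuid_for "$1") || return 1
  printf 'boot.initrd.luks.devices = {\n  root = {\n    device = "/dev/disk/by-uuid/%s";\n' "$luks_uuid"
  printf '    preLVM = true;\n    allowDiscards = true;\n  };\n};\n'
}

# On the installer: lsblk -P -o NAME,TYPE,FSTYPE,UUID,PKNAME | luks_nix_entry nixenc
printf '%s\n' "$SAMPLE_LSBLK" | luks_nix_entry nixenc
```

allowDiscards = true is carried over from the entry above; it passes TRIM through dm-crypt, which reveals which blocks of the encrypted device are unused, so drop it if that matters for your threat model.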
User passwords:
```
mkpasswd -m sha-512
```