@Le0xFF
Last active September 8, 2024 15:47
NixOS installation with: Full Disk Encryption using LUKS2, BTRFS filesystem, systemd-boot

First attempt at NixOS installation and configuration.
The setup is similar to the gist where Void Linux was installed.

This NixOS installation has the following features:

  • BTRFS filesystem
  • Full Disk Encryption
  • SystemD-boot as bootloader

Process

Log in with the root account.

Wipe the destination disk:

wipefs -a <destination_disk>

Partition the destination disk with cfdisk using the following scheme (for a 1 TB drive):

  • 1 GB as EFI partition (<boot_partition>)
  • 999 GB as Linux partition (<root_partition>)

Encrypt the drive with LUKS2:

cryptsetup luksFormat --type=luks2 <root_partition>
cryptsetup open <root_partition> <encrypted_partition_name>

Prepare LVM:

vgcreate <volume_group_name> /dev/mapper/<encrypted_partition_name>
lvcreate --name <logic_volume_name> -l +100%FREE <volume_group_name>

Create filesystems:

mkfs.vfat -n EFI -F 32 <boot_partition>
mkfs.btrfs -L NixOS /dev/mapper/<volume_group_name>-<logic_volume_name>

Mount partitions and create btrfs subvolumes:

export BTRFS_OPT=rw,noatime,discard=async,compress-force=zstd,space_cache=v2,commit=120
mount -o $BTRFS_OPT /dev/mapper/<volume_group_name>-<logic_volume_name> /mnt
btrfs subvolume create /mnt/@
btrfs subvolume create /mnt/@home
btrfs subvolume create /mnt/@snapshots
btrfs subvolume create /mnt/@nix
btrfs subvolume create /mnt/@nixos-config
btrfs subvolume create /mnt/@log
umount /mnt
mount -o $BTRFS_OPT,subvol=@ /dev/mapper/<volume_group_name>-<logic_volume_name> /mnt
mkdir /mnt/home
mkdir /mnt/nix
mkdir -p /mnt/etc/nixos
mkdir -p /mnt/var/log
mount -o $BTRFS_OPT,subvol=@home /dev/mapper/<volume_group_name>-<logic_volume_name> /mnt/home/
mount -o $BTRFS_OPT,subvol=@nix /dev/mapper/<volume_group_name>-<logic_volume_name> /mnt/nix/
mount -o $BTRFS_OPT,subvol=@nixos-config /dev/mapper/<volume_group_name>-<logic_volume_name> /mnt/etc/nixos/
mount -o $BTRFS_OPT,subvol=@log /dev/mapper/<volume_group_name>-<logic_volume_name> /mnt/var/log
mkdir -p /mnt/boot/
mount -o rw,noatime <boot_partition> /mnt/boot/

Generate NixOS configuration files:

nixos-generate-config --root /mnt

Use the configuration files attached to this gist (reproduced below, in this order):

  • hardware-configuration_changes.nix
  • configuration.nix
  • luks.nix
  • audio.nix
  • bluetooth.nix
  • xfce.nix

Finally, install the system, then power off or reboot.

nixos-install --root /mnt --cores 0

Resources

[1] https://nixos.org/manual/nixos/stable/

[2] https://nixos.org/manual/nixos/stable/options

[3] https://jappie.me/nixos-on-encrypted-btrfs.html

[4] https://gist.github.com/hadilq/a491ca53076f38201a8aa48a0c6afef5

[5] https://mt-caret.github.io/blog/posts/2020-06-29-optin-state.html

hardware-configuration_changes.nix

# Changes related to hardware-configuration.nix
{ config, pkgs, lib, ... }:
{
  fileSystems."/" = {
    options = [ "rw" "noatime" "discard=async" "compress-force=zstd" "space_cache=v2" "commit=120" ];
  };
  fileSystems."/home" = {
    options = [ "rw" "noatime" "discard=async" "compress-force=zstd" "space_cache=v2" "commit=120" ];
  };
  fileSystems."/nix" = {
    options = [ "rw" "noatime" "discard=async" "compress-force=zstd" "space_cache=v2" "commit=120" ];
  };
  fileSystems."/etc/nixos" = {
    options = [ "rw" "noatime" "discard=async" "compress-force=zstd" "space_cache=v2" "commit=120" ];
  };
  fileSystems."/var/log" = {
    options = [ "rw" "noatime" "discard=async" "compress-force=zstd" "space_cache=v2" "commit=120" ];
  };
}

configuration.nix

# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{ config, pkgs, ... }:
{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
      ./hardware-configuration_changes.nix
      ./luks.nix
      ./audio.nix
      ./bluetooth.nix
      ./xfce/xfce.nix
    ];

  boot.kernelPackages = pkgs.linuxPackages_latest;
  boot.supportedFilesystems = [ "btrfs" ];
  hardware.enableAllFirmware = true;
  nixpkgs.config.allowUnfree = true;

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "NixOS-NB"; # Define your hostname.
  # Pick only one of the below networking options.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
  networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.

  # Set your time zone.
  time.timeZone = "Europe/Rome";

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Select internationalisation properties.
  i18n.defaultLocale = "it_IT.UTF-8";
  console = {
    # font = "Lat2-Terminus16";
    keyMap = "it";
    # useXkbConfig = true; # use xkbOptions in tty.
  };

  # Enable the X11 windowing system.
  # services.xserver.enable = true;

  # Enable the GNOME Desktop Environment.
  # services.xserver.displayManager.gdm.enable = true;
  # services.xserver.desktopManager.gnome.enable = true;

  # Configure keymap in X11
  services.xserver.layout = "it";
  # services.xserver.xkbOptions = "eurosign:e,caps:escape";

  # Enable CUPS to print documents.
  # services.printing.enable = true;

  # Enable touchpad support (enabled default in most desktopManager).
  services.xserver.libinput.enable = true;

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.leot = {
    isNormalUser = true;
    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
    hashedPassword = "RUN `mkpasswd -m sha-512` TO GENERATE IT";
    # packages = with pkgs; [
    #   firefox
    #   tree
    # ];
  };

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
    htop
    wget
    curl
    croc
    gparted
    firefox
    blueman
    gimp-with-plugins
    gnome.gnome-disk-utility
    inkscape-with-extensions
    onlyoffice-bin_latest
    thunderbird
  ];
  environment.variables.EDITOR = "nano";

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  # services.openssh.enable = true;

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # system.copySystemConfiguration = true;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "23.05"; # Did you read the comment?
}

luks.nix

{ config, pkgs, ... }:
{
  # LUKS device to open before mounting / [root]
  boot.initrd.luks.devices = {
    luksroot = {
      # UUID of the LUKS container itself (<root_partition>), not of the
      # btrfs filesystem or the LVM volume inside it.
      device = "/dev/disk/by-uuid/<root_partition>";
      # Passes TRIM through the encrypted device (needed for discard=async
      # above); it reveals which blocks are unused to anyone reading the raw disk.
      allowDiscards = true;
      # Unlock before LVM scans for the volume group that lives inside.
      preLVM = true;
    };
  };
}
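To fill in the `<root_partition>` placeholder above with the right value, here is an added shell example (not from the gist): it picks the UUID of the crypto_LUKS entry out of `blkid -o export` output, refusing the btrfs or LVM entries that are easy to confuse with it, and renders the luks.nix block. The sample blkid output, device names and UUIDs are constructed.

```shell
# Added example, not part of the gist: derive the device path that luks.nix needs
# from `blkid -o export` output and render the boot.initrd.luks.devices block.
# Assumes the LUKS2 container is the partition formatted with cryptsetup above
# and that "luksroot" is the mapping name used in luks.nix.
# Print the UUID of the LUKS container at device $1, reading `blkid -o export`
# from stdin. Only TYPE=crypto_LUKS is accepted, so the btrfs or LV entry is rejected.
uuid_of_luks_device() {
    awk -v dev="$1" '
        function flush() {
            if (devname == dev && fstype == "crypto_LUKS" && uuid != "") { print uuid; ok = 1 }
            devname = ""; uuid = ""; fstype = ""
        }
        /^DEVNAME=/ { devname = substr($0, 9) }
        /^UUID=/    { uuid = substr($0, 6) }
        /^TYPE=/    { fstype = substr($0, 6) }
        /^$/        { flush() }
        END         { flush(); if (!ok) exit 1 }
    '
}

# Render luks.nix for mapping name $1 and container UUID $2.
render_luks_nix() {
    cat <<EOF
{ config, pkgs, ... }:
{
  boot.initrd.luks.devices.$1 = {
    device = "/dev/disk/by-uuid/$2";
    allowDiscards = true;   # TRIM passthrough; exposes which blocks are unused
    preLVM = true;          # unlock before LVM looks for the volume group
  };
}
EOF
}

# Constructed sample of `blkid -o export` output, not taken from a real machine.
SAMPLE_BLKID='DEVNAME=/dev/nvme0n1p1
UUID=1234-ABCD
TYPE=vfat

DEVNAME=/dev/nvme0n1p2
UUID=7c2f0b58-3b6d-4f0a-9e8e-0d6a7b1c2d3e
TYPE=crypto_LUKS

DEVNAME=/dev/mapper/vg0-root
UUID=9a9a9a9a-0000-4000-8000-000000000001
TYPE=btrfs'

# On a real system: blkid -o export | uuid_of_luks_device <root_partition>
luks_uuid=$(printf '%s\n' "$SAMPLE_BLKID" | uuid_of_luks_device /dev/nvme0n1p2) || exit 1
render_luks_nix luksroot "$luks_uuid"
```

Pipe the rendered output into /mnt/etc/nixos/luks.nix before running nixos-install; if the function exits non-zero, the device you named is not a LUKS container.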

audio.nix

{ config, pkgs, ... }:
{
  sound = {
    enable = false;
    # mediaKeys.enable = true;
  };
  hardware = {
    pulseaudio.enable = false;
  };
  services = {
    pipewire = {
      enable = true;
      alsa = {
        enable = true;
        support32Bit = true;
      };
      pulse.enable = true;
      jack.enable = true;
    };
  };
}

bluetooth.nix

{ config, pkgs, ... }:
{
  hardware = {
    bluetooth = {
      enable = true;
      settings = {
        General = {
          Enable = "Source,Sink,Media,Socket";
        };
      };
    };
  };
  services = {
    blueman.enable = true;
  };
}

xfce.nix

{ pkgs, ... }:
{
  environment = {
    systemPackages = with pkgs; [
      chromium
      drawing
      elementary-xfce-icon-theme
      evince
      foliate
      font-manager
      gnome.file-roller
      libqalculate
      orca
      pavucontrol
      qalculate-gtk
      wmctrl
      xclip
      xcolor
      xdo
      xdotool
      xfce.catfish
      xfce.gigolo
      xfce.orage
      xfce.xfburn
      xfce.xfce4-appfinder
      xfce.xfce4-clipman-plugin
      xfce.xfce4-cpugraph-plugin
      xfce.xfce4-dict
      xfce.xfce4-fsguard-plugin
      xfce.xfce4-genmon-plugin
      xfce.xfce4-netload-plugin
      xfce.xfce4-panel
      xfce.xfce4-pulseaudio-plugin
      xfce.xfce4-systemload-plugin
      xfce.xfce4-weather-plugin
      xfce.xfce4-whiskermenu-plugin
      xfce.xfce4-xkb-plugin
      xfce.xfdashboard
      xorg.xev
      xsel
      xtitle
      xwinmosaic
      zuki-themes
    ];
  };
  programs = {
    dconf.enable = true;
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };
    thunar = {
      enable = true;
      plugins = with pkgs.xfce; [
        thunar-archive-plugin
        thunar-media-tags-plugin
        thunar-volman
      ];
    };
  };
  security.pam.services.gdm.enableGnomeKeyring = true;
  services = {
    gnome.gnome-keyring.enable = true;
    xserver = {
      enable = true;
      excludePackages = with pkgs; [
        xterm
      ];
      displayManager = {
        lightdm = {
          enable = true;
          greeters.slick = {
            enable = true;
            theme.name = "Zukitre-dark";
          };
        };
      };
      desktopManager.xfce.enable = true;
    };
  };
}