Last active
September 5, 2017 12:58
-
-
Save luque/de26e3922d1bd569dd47e5ce190dd40b to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Following notes from: | |
* NixOS manual: https://nixos.org/nixos/manual/ | |
* https://chris-martin.org/2015/installing-nixos | |
For systems without CD drive, the NixOS live CD can be booted from a USB stick: | |
$ curl -O https://d3g5gsiof5omrk.cloudfront.net/nixos/17.03/nixos-17.03.1769.da2159dafb/nixos-minimal-17.03.1769.da2159dafb-x86_64-linux.iso | |
# dd if=nixos-minimal-17.03.1769.da2159dafb-x86_64-linux.iso of=/dev/sdc | |
1. Boot from USB drive. | |
2. When it’s finished booting, it should have detected most of your hardware. | |
3. The NixOS manual is available on virtual console 8 (press Alt+F8 to access). | |
4. You get logged in as root (with empty password). | |
5. The boot process should have brought up networking (check ip a). Networking is necessary for the installer, | |
since it will download lots of stuff. | |
6. Partitioning disk using gdisk to create the following schema: | |
1 500MB EF00 EFI System | |
2 465.4GN 8E00 Linux LVM | |
We'll use the following partition schema: | |
* /dev/sda1 will be mounted at /boot. This is unencrypted, because the boot process will need it | |
before we unlock the encrypted volume. | |
* /dev/sda2 is the encrypted partition. | |
The encrypted partition /dev/sda2 contains an LVM volume group called vg, which contains two logical volumes: | |
* /dev/vg/swap will be used as swap space. | |
* /dev/vg/root will be mounted at the root of the filesystem, /. | |
7. Set up LUKS | |
Initialize the encrypted partition. This will prompt you to create a passphrase. | |
# cryptsetup luksFormat /dev/sda2 | |
Then open it: | |
# cryptsetup luksOpen /dev/sda2 enc-pv | |
8. Configure LVM: | |
pvcreate /dev/mapper/enc-pv | |
vgcreate vg /dev/mapper/enc-pv | |
lvcreate -L 32G -n swap vg | |
lvcreate -l100%FREE -n root vg | |
9. Format partitions: | |
# mkfs.vfat -n BOOT /dev/sda1 | |
# mkfs.ext4 -L root /dev/vg/root | |
# mkswap -L swap /dev/vg/swap | |
10. NixOS Installation: | |
The NixOS installer treats /mnt as the filesystem root for the installation. So instead of | |
mounting to / and /boot as we discussed above, for now we’re going to mount them to /mnt | |
and /mnt/boot instead: | |
# mount /dev/vg/root /mnt | |
# mkdir /mnt/boot | |
# mount /dev/sda1 /mnt/boot | |
Also activate the swap space: | |
# swapon /dev/vg/swap | |
10.1. Configuration: | |
Run this to generate config files: | |
# nixos-generate-config --root /mnt | |
This creates two files in /mnt/etc/nixos: | |
* configuration.nix, a default config file. (You’ll be making changes to this a lot). | |
* hardware-configuration.nix, the results of a hardware scan. (You don’t edit this.) | |
Add this stuff to the configuration.nix: | |
boot.initrd.luks.devices = [ | |
{ | |
name = "root"; | |
device = "/dev/sda2"; | |
preLVM = true; | |
} | |
]; | |
boot.loader.grub.device = "/dev/sda"; | |
Recap of everything you need to set up when you boot from the install media again. | |
cryptsetup luksOpen /dev/sda2 enc-pv | |
lvchange -a y /dev/vg/swap | |
lvchange -a y /dev/vg/root | |
mount /dev/vg/root /mnt | |
mount /dev/sda2 /mnt/boot | |
swapon /dev/vg/swap | |
10.2. Install: | |
# nixos-install | |
If that succeeds, then reboot and proceed to boot into your new NixOS install. | |
#reboot | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment