-
Download the minimal NixOS ISO
-
(on OSX) write the ISO image to an USB drive:
sudo dd bs=4m if=path/to/nixos-minimal.iso of=/dev/disk2
where
/dev/disk2
is the location of the USB media
Resize the OSX partition. You can do this using the diskutil
app.
Boot from the USB drive by holding down the Option key during boot startup tone, until you see boot options. Shooce the option called EFI Boot
gdisk -l /dev/sda
This will show you the existing partitions. You would want to update this.
gdisk /dev/sda
d
and delete the new (non-OSX, non-EFI, non-Recovery HD) partitionn
add partition, remaining space, type 8300 Linux LVM)w
write partition table and exit
Now setup the encrypted LUKS partition and open it (replace sda3
with the partition above):
cryptsetup luksFormat /dev/sda3
cryptsetup luksOpen /dev/sda3 enc-pv
(enc-pv
is the name of the encrypted volume in the mapper which will be used)
And now create an LVM group with 2 logical volumes (choose a name for the volume group <vg, e.g. mbp>): (the space you allocate for swap should be at least the same as your RAM size if you want hibernation)
pvcreate /dev/mapper/enc-pv
vgcreate <vg> /dev/mapper/enc-pv
lvcreate -n swap <vg> -L 20G
lvcreate -n root <vg> -l 100%FREE
Proceed with formatting the partitions (do check where the mac boot partition is on the sda
disk):
mkfs.ext4 -L root /dev/<vg>/root
mkswap -L swap /dev/<vg>/swap
Now mount all the disks and volumes you just created. But not where we said we were going to mount them.
The NixOS installer treats /mnt as the filesystem root for the installation. So instead of mounting to / and /boot as we discussed above, for now we’re going to mount them to /mnt and /mnt/boot instead:
mount /dev/vg/root /mnt
mkdir /mnt/boot
mount /dev/sda1 /mnt/boot
Also activate the swap space:
swapon /dev/vg/swap
generate config files:
nixos-generate-config --root /mnt
This creates 2 files in /mnt/etc/nixos
:
Add this to the configuration.nix:
boot.initrd.luks.devices = [
{
name = "root";
device = "/dev/sda3"; # alternatively, you can do /dev/disk/by-uuid/....... here
preLVM = true;
}
];
boot.loader.grub.device = "/dev/sda";
networking.networkmanager.enable = true;
Disable the wpa_supplicant service that’s running, and run it yourself specifying the WPA credentials.
systemctl stop wpa_supplicant.service
wpa_supplicant -B -i wlp3s0 -c <(wpa_passphrase 'SSID' 'key')
nixos-install
and then reboot
.
cryptsetup luksOpen /dev/sda3 enc-pv
lvchange -a y /dev/<vg>/swap
lvchange -a y /dev/<vg>/root
mount /dev/vg/root /mnt
mount /dev/sda1 /mnt/boot
swapon /dev/<vg>/swap
systemctl stop wpa_supplicant.service
wpa_supplicant -B -i interface -c <(wpa_passphrase 'SSID' 'key')