Only for me. I have not tested this elsewhere and my config might not be something you would want. Current system is an impermanence setup with tmpfs and LUKS encryption for root and swap with flakes. After booting into the ISO, follow these steps:

**Important:** Before copy-pasting, check for values inside angle brackets `<>`.

- Current partition scheme is an EFI partition of 512MiB with the `boot` and `esp` flags turned on. Easy with the GParted GUI program.
- Mark the EFI partition as boot with `set <partition number> boot on` at the parted prompt.
- Swap is the same size as RAM. Enable swap after partition creation with `sudo swapon /dev/nvme0n1p<n>`.
- The rest is the nix partition, created with `sudo parted /dev/nvme0n1 --script mkpart nix <starting part in GB> <ending part in GB>`; find the start and end with `sudo parted /dev/nvme0n1 print`.
- Check alignment with `for i in {1..<n>}; do sudo parted /dev/nvme0n1 -- align-check optimal $i; done`.
- Format for LUKS with `sudo cryptsetup luksFormat /dev/nvme0n1p<n>`.
- Enter the passphrase when prompted.
- Open the nix drive with `sudo cryptsetup luksOpen /dev/nvme0n1p<n> crypted` at `/dev/mapper/crypted`.
- Format the encrypted partition as ext4 with the command `sudo mkfs.ext4 -L nix /dev/mapper/crypted`.
- Verify the drive scheme with `sudo parted /dev/nvme0n1 -- unit MiB print`.
- It should look like the following:

| Number | Size | File system | Name | Flags |
| ------ | ----- | -------------- | ---- | --------- |
| 1 | 512MB | fat32 | EFI | boot, esp |
| 2 | 16GB | linux-swap(v1) | swap | swap |
| 3 | <n> | ext4 | nix | |

- Mount tmpfs at `/mnt` with `sudo mount -v -t tmpfs none /mnt`.
- Create directories to mount to with `sudo mkdir -v -p /mnt/{boot,nix,etc/nixos,home/crimson/dotfiles,var/log}`.
- Mount `/boot` to `/mnt/boot` with `sudo mount -v /dev/nvme0n1p<n> /mnt/boot -o umask=0077`.
- Mount the encrypted drive to `/mnt/nix` with `sudo mount -v /dev/mapper/crypted /mnt/nix`.
- Create persistent directories with `sudo mkdir -v -p /mnt/nix/persist/{etc/nixos,home/crimson/dotfiles,var/log}`.
- Bind mount config and logs with `sudo mount -v -o bind /mnt/nix/persist/etc/nixos /mnt/etc/nixos` and `sudo mount -v -o bind /mnt/nix/persist/var/log /mnt/var/log`.
- To get `hardware-configuration.nix`, run the command `sudo nixos-generate-config --root /mnt`.
- Change directory to the config with `cd /mnt/etc/nixos`.
- Ignore the "Not Btrfs filesystem" error.
- Edit to add options in the tmpfs section with `sed -i '/fsType = "tmpfs";/a options = [ "defaults" "size=25%" "mode=755" ];' ./hardware-configuration.nix` or manually.

```diff
{
#------------------
fileSystems."/" = {
device = "none";
fsType = "tmpfs";
+ options = [ "defaults" "size=25%" "mode=755" ];
};
#----------------
}
```

- Fix this error with `sed -i '/fsType = "vfat"/a options = [ "umask=0077" ];' ./hardware-configuration.nix` or manually. The `sed` command adds `options = [ "umask=0077" ];` to the vfat section.

```diff
{
#------------------
fsType = "vfat";
+ options = [ "umask=0077" ];
#----------------
}
```

- The `by-uuid` path generated for `swapDevices` in `hardware-configuration.nix` needs to change to `by-partuuid`, because with `randomEncryption.enable = true` the `by-uuid` value changes every boot.
- Get the `by-uuid` and `by-partuuid` values with `ls -l /dev/disk/by-uuid` and `ls -l /dev/disk/by-partuuid` respectively. Take the values for the swap partition.
- Swap out `by-uuid/<by-uuid number>` with `by-partuuid/<by-partuuid number>` (there should be only one such occurrence, but if multiple exist, swap them all), followed by `randomEncryption.enable = true;` on a new line below.
- Set up the network. Configure WPA supplicant so we can use Wi-Fi:

```
$ cat > /etc/wpa_supplicant.conf
network={
  ssid="****"
  psk="****"
}
^D
$ systemctl start wpa_supplicant
```

- Clone the repo with `git clone https://github.com/sudanchapagain/dotfiles.git`.
- Swap out the repo's hardware config with the newly generated one.
- (optional) Move the config to `/mnt/nix/persist/home/crimson/dotfiles/`.
- Add the current hardware config to git with `git add .`, because nix expects everything to be tracked by git.
- `cd` to whichever directory the config is in.
- Run `sudo nixos-install --flake .#crimson --no-root-passwd`.
- Reboot the system.
- The error on logout is this, which is harmless AFAIK.
- Troubleshooting: if for whatever reason the system doesn't boot, we can go back to the installation environment by booting from the ISO and remounting all partitions with `cryptsetup luksOpen /dev/nvme0n1p<n> crypted`, mounting tmpfs to `/mnt`, and so on (see the steps above).
- Currently the boot order set in UEFI determines which OS is booted. For dual boot or more OSes, rEFInd as the boot option is the easiest option. Link to current rEFInd theme/config: github/sudanchapagain/rEFInd-theme
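
The swap-device step above (replace `by-uuid/...` with `by-partuuid/...` and add `randomEncryption.enable = true;` on the next line) can be scripted instead of edited by hand. This is an added example, not part of the original README: the function name `rewrite_swap_device` and the UUIDs in the sample are made up, and it assumes the single-line `device = "...";` layout that `nixos-generate-config` writes.

```shell
#!/bin/sh
# Added example (not from the original README). The function name and the
# sample UUIDs below are hypothetical.

# rewrite_swap_device FILE UUID PARTUUID
rewrite_swap_device() {
    rs_file=$1 rs_uuid=$2 rs_part=$3
    # Refuse to edit unless the exact by-uuid device line is present.
    grep -qF "/dev/disk/by-uuid/$rs_uuid\";" "$rs_file" || {
        echo "by-uuid/$rs_uuid not found in $rs_file" >&2
        return 1
    }
    rs_tmp=$(mktemp) || return 1
    awk -v old="/dev/disk/by-uuid/$rs_uuid" \
        -v new="/dev/disk/by-partuuid/$rs_part" '
    {
        i = index($0, old)
        if (i == 0) { print; next }
        # Indent the new attribute to the column where "device" starts.
        pad = substr($0, 1, index($0, "device") - 1)
        gsub(/[^ \t]/, " ", pad)
        head = substr($0, 1, i - 1)
        tail = substr($0, i + length(old))   # closing quote onwards
        k = index(tail, ";")
        print head new substr(tail, 1, k)
        print pad "randomEncryption.enable = true;" substr(tail, k + 1)
    }' "$rs_file" > "$rs_tmp" && cat "$rs_tmp" > "$rs_file"
    rs_rc=$?
    rm -f "$rs_tmp"
    return $rs_rc
}

# Constructed sample in the layout nixos-generate-config writes.
demo_file=$(mktemp)
cat > "$demo_file" <<'EOF'
  swapDevices =
    [ { device = "/dev/disk/by-uuid/1111aaaa-0000-4000-8000-000000000001"; }
    ];
EOF
rewrite_swap_device "$demo_file" \
    1111aaaa-0000-4000-8000-000000000001 \
    2222bbbb-0000-4000-8000-000000000002
cat "$demo_file"
```

Against the real file, pass `./hardware-configuration.nix` and the two values read from `/dev/disk/by-uuid` and `/dev/disk/by-partuuid`; the function exits non-zero without touching the file if the given UUID is not in it.
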
- nixos/learn
- nix.dev
- zero-to-nix.com
- "Impermanent NixOS: on a VM + tmpfs root + flakes + LUKS" by will bush (blog): tmpfs
- "NixOS ❄: tmpfs as root" by elis: tmpfs
- "Paranoid NixOS Setup" by xe: contains additional config for networks etc.; uses different filesystems and things but is generally similar.
- "Erase your darlings: immutable infrastructure for mutable systems" by Graham Christensen: uses ZFS
- "NixOS as a server, part 1: Impermanence" by guekks: uses btrfs

I do not remember all of the places where I have taken the config snippets and this README text from (many gists, blogs, and others' configs), but I used will bush's blog as the primary resource.