yolofanhd/nixos-config

My nixos config

This is my nixos config. It's intended for use on 2 main devices and one Raspberry Pi 5. Support for Kubernetes and multiple Raspberry Pis is planned for the near future.

Project structure

  • hosts
    contains a basic setup for each host (e.g. notebook, pc, etc.)
    the goal is to keep those configurations at a bare minimum and import everything that's needed from other modules

  • modules
    contains a basic setup for applications and their configurations

    • home
      contains setup for home-manager specific stuff

Installation and setup

As this configuration utilizes flakes, it is fairly simple to install and set up.

  1. Clone this repo
git clone https://github.com/yolofanhd/nixos-config
cd nixos-config

Note

Optional: If you just want everything to work right away, I would suggest that you also run git checkout stable. This branch is updated less frequently and is checked more thoroughly. The main branch is used as the dev branch and can sometimes be unstable due to dependency updates or breaking changes for multiple hosts, which often wouldn't be noticed right away.

  2. Copy your hardware-configuration.nix into the root of this repo
cp /etc/nixos/hardware-configuration.nix ./
git add ./hardware-configuration.nix -f

Note

Don't forget to remove hardware-configuration.nix when pushing or adding changes. It is not included because it's just an autogenerated file which differs from host to host, so pushing it would be useless.

  3. Install the desired host configuration
sudo nixos-rebuild switch --flake './#<host-name>'

Building a custom iso

You can also build a custom iso. There are several use cases for that:

  • Trying out the config without installing it
  • Having a temp throwaway system
  • Quickly booting virtual machines
  • Easier installation

The build process is fairly easy:

nix build '.#nixosConfigurations.image.<host-name>.config.formats.<format>'

The hostname can be chosen as stated in flake.nix. All formats from nixos-generators should work out of the box. Feel free to extend flake.nix to support your custom formats. The iso can be found in ./result/nixos.iso.

Updating the configuration

The following two commands are used to update 1. the nix flake and 2. the system.

sudo nix flake update
sudo nixos-rebuild switch --flake './#<host-name>'

Normally there should be no need to update this flake manually as the update process is pretty much automated.

For more information look at: NixOS docs

Raspberry pi 5 Setup

There is already great documentation here.
Nonetheless, here is a quick guide:

Requirements

These requirements are only needed for this guide. The process can probably be highly optimised, but I found this one the easiest approach.

  • Rpi5 (with peripherals (e.g. display and keyboard))
  • SD card
  • USB stick
  • another machine

Setting up UEFI and the sd card

  1. Create a gpt partition table
  2. Create an efi (fat32) partition
  3. Create a linux partition for nixos (could be done within the nixos installation step)
  4. Format the partitions
    • fat32 for boot partition
    • ext4 for linux partition
  5. Mount the boot partition
  6. Look at this repo and get the latest release
  7. Copy the 3 files from the release into the boot partition
  8. (Optional) Adjust the config.txt if needed
  9. Insert the sd card into the raspi and check if the uefi menu shows up correctly (might need to hit esc)

Prepare the booting device

  1. Get the latest release or look at this guide
  2. Plug in the usb
  3. Flash the iso onto the usb stick

Launch installation media

  1. Plug the installation stick into your raspi
  2. Boot the raspi
  3. (Optional) Adjust any uefi settings if needed (e.g. boot order)
  4. Launch nixos installation

Install nixos

Once this stage is reached you can continue with the normal installation instructions, although there are a few options that have to be set:

  boot.loader.efi.canTouchEfiVariables = false;
  boot.kernelPackages = (import (builtins.fetchTarball "https://gitlab.com/vriska/nix-rpi5/-/archive/main.tar.gz")).legacyPackages.aarch64-linux.linuxPackages_rpi5;

The second setting can also be implemented by using the flake directly, as this config does. A flake input is pinned in flake.lock, whereas the fetchTarball call above follows the main branch and sets no sha256, so the kernel source it pulls can change between rebuilds.

When everything is in place, run nixos-install! Note: This might take a while.

Post-Installation

This is really important in order to be able to boot nixos.

  1. Open up the uefi by hitting esc.
  2. Go into Device Manager -> Raspberry Pi Configuration -> ACPI / Device Tree -> System Table Mode
  3. Change it from ACPI to Device Tree

Once that's done, feel free to boot nixos!

After everything works and is correctly set up, you might also revisit some guides and configs to ensure that everything is set up as it should be. For example, you might want to change force_turbo=1 to 0 in the /boot/config.txt file.

Secure boot with lanzaboote

Official Guide

Secure boot is still experimental, but I found it to work quite well. Here is a step-by-step introduction:

  1. sudo sbctl create-keys
  2. Add lanzaboote to the nix config. (example in boot.nix)
  3. Run sudo sbctl verify and check that the relevant boot entries are signed.
  4. Reboot into your UEFI/BIOS, enable SecureBoot and enable Boot Setup mode
  5. Boot the system and enroll the keys with sudo sbctl enroll-keys --microsoft
  6. Reboot the system (Boot Setup mode should be automagically disabled)
  7. Check that everything is correctly set up with bootctl status
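
The checks in steps 3 and 7 can be scripted instead of read by eye. The following is an added example, not code from this repository; the sample outputs are constructed, and it assumes that kernel images named *bzImage.efi are expected to show up as unsigned under lanzaboote.

```shell
#!/bin/sh
# Added example, not part of the repository: turns steps 3 and 7 into a check.
# Real use: check_secure_boot "$(sudo sbctl verify)" "$(bootctl status)"

# Constructed sample of `sbctl verify` output (paths are made up).
SAMPLE_VERIFY='Verifying file database and EFI images in /boot...
✓ /boot/EFI/BOOT/BOOTX64.EFI is signed
✓ /boot/EFI/Linux/nixos-generation-12.efi is signed
✗ /boot/EFI/nixos/abc123-linux-6.6.1-bzImage.efi is not signed
✗ /boot/EFI/systemd/systemd-bootx64.efi is not signed'

# Constructed sample of the "System" block printed by `bootctl status`.
SAMPLE_STATUS='System:
      Firmware: UEFI 2.70
   Secure Boot: enabled (user)
  TPM2 Support: yes'

# Reads `sbctl verify` output on stdin and prints each unsigned file that
# matters. Assumption: *bzImage.efi kernel images are expected to be unsigned
# under lanzaboote, so they are not reported.
unsigned_relevant() {
  awk '/ is not signed$/ && $2 !~ /bzImage\.efi$/ { print $2 }'
}

# Reads `bootctl status` output on stdin; succeeds only if the firmware
# reports Secure Boot as enabled (any other state fails the check).
secure_boot_enabled() {
  grep -Eq '^[[:space:]]*Secure Boot:[[:space:]]*enabled'
}

# $1 = sbctl verify output, $2 = bootctl status output.
# Returns 0 if all is well, 1 for unsigned files, 2 if Secure Boot is off.
check_secure_boot() {
  bad=$(printf '%s\n' "$1" | unsigned_relevant)
  if [ -n "$bad" ]; then
    printf '%s\n' "$bad" | sed 's/^/UNSIGNED: /'
    return 1
  fi
  if ! printf '%s\n' "$2" | secure_boot_enabled; then
    echo 'Secure Boot is not enabled in firmware'
    return 2
  fi
  echo 'OK: relevant boot files signed, Secure Boot enabled'
}

# Demo on the constructed samples: reports the unsigned systemd-boot binary.
check_secure_boot "$SAMPLE_VERIFY" "$SAMPLE_STATUS" || true
```

Run the first check before enabling Secure Boot in step 4: an unsigned boot loader found at that point is a rebuild away from fixed, while the same finding after enforcement means an unbootable system.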

Disk encryption with nixos

Check out these 2 guides: NixOS Wiki, NixOS with encrypted root

A quick summary:

  1. Get your nixos usb stick and boot up the installation media
  2. Create the encrypted partition using cryptsetup luksFormat /dev/sda2 and open it with cryptsetup luksOpen /dev/sda2 enc-pv
  3. Create logical volumes on the created partition
    • pvcreate /dev/mapper/enc-pv
    • vgcreate vg /dev/mapper/enc-pv
    • Create swap lvcreate -L 8G -n swap vg
    • Create root lvcreate -l '100%FREE' -n root vg
  4. Format the partitions
    • mkfs.fat /dev/sda1
    • Format encrypted root volume mkfs.ext4 -L root /dev/vg/root
    • Format encrypted swap volume mkswap -L swap /dev/vg/swap
  5. Mount the volumes
    • mount /dev/vg/root /mnt
    • mkdir /mnt/boot
    • mount /dev/sda1 /mnt/boot
    • swapon /dev/vg/swap
  6. Proceed with the usual installation

Note

Keep in mind when troubleshooting that the LUKS device needs to be open. Once created, it can be opened with the second command mentioned in step 2. When working with the volumes, keep in mind that the name doesn't match the physical partition name, so be sure to always use the provided name from the mapper!
There is also another setting for encrypted devices in the boot.nix file. It just ensures that the device is used and can safely be ignored because it is generated automatically (the same setting is set anyway in hardware-configuration.nix).
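
To confirm that root and swap really ended up inside the LUKS mapping, the block device tree can be checked mechanically. This is an added example, not code from this repository; the lsblk samples are constructed, and the function name and the /boot exemption (the summary keeps /dev/sda1 unencrypted) are choices made for this illustration.

```shell
#!/bin/sh
# Added example, not from the repository. Real input comes from:
#   lsblk -P -o KNAME,PKNAME,TYPE,FSTYPE,MOUNTPOINT

# Constructed sample for the layout built in the summary above.
SAMPLE_GOOD='KNAME="sda" PKNAME="" TYPE="disk" FSTYPE="" MOUNTPOINT=""
KNAME="sda1" PKNAME="sda" TYPE="part" FSTYPE="vfat" MOUNTPOINT="/boot"
KNAME="sda2" PKNAME="sda" TYPE="part" FSTYPE="crypto_LUKS" MOUNTPOINT=""
KNAME="dm-0" PKNAME="sda2" TYPE="crypt" FSTYPE="LVM2_member" MOUNTPOINT=""
KNAME="dm-1" PKNAME="dm-0" TYPE="lvm" FSTYPE="swap" MOUNTPOINT="[SWAP]"
KNAME="dm-2" PKNAME="dm-0" TYPE="lvm" FSTYPE="ext4" MOUNTPOINT="/"'

# Constructed failure case: swap on a plain partition outside LUKS.
SAMPLE_BAD='KNAME="sda" PKNAME="" TYPE="disk" FSTYPE="" MOUNTPOINT=""
KNAME="sda1" PKNAME="sda" TYPE="part" FSTYPE="vfat" MOUNTPOINT="/boot"
KNAME="sda2" PKNAME="sda" TYPE="part" FSTYPE="crypto_LUKS" MOUNTPOINT=""
KNAME="sda3" PKNAME="sda" TYPE="part" FSTYPE="swap" MOUNTPOINT="[SWAP]"
KNAME="dm-0" PKNAME="sda2" TYPE="crypt" FSTYPE="LVM2_member" MOUNTPOINT=""
KNAME="dm-1" PKNAME="dm-0" TYPE="lvm" FSTYPE="ext4" MOUNTPOINT="/"'

# Reads lsblk pairs on stdin; prints "<mountpoint> <kname>" for every mounted
# device that has no ancestor of TYPE "crypt". $1 = mount point allowed to be
# unencrypted (the summary keeps /boot on plain /dev/sda1).
unencrypted_mounts() {
  awk -v clear="$1" '
    function val(key,   line, s) {
      line = " " $0
      if (!match(line, " " key "=\"[^\"]*\"")) return ""
      s = substr(line, RSTART, RLENGTH)
      sub(/^[^"]*"/, "", s); sub(/"$/, "", s)
      return s
    }
    { k = val("KNAME"); order[++n] = k; parent[k] = val("PKNAME")
      kind[k] = val("TYPE"); mnt[k] = val("MOUNTPOINT") }
    END {
      for (i = 1; i <= n; i++) {
        k = order[i]; enc = 0
        if (mnt[k] == "" || mnt[k] == clear) continue
        for (d = k; d != ""; d = parent[d])
          if (kind[d] == "crypt") { enc = 1; break }
        if (!enc) print mnt[k], k
      }
    }'
}

# Demo on the constructed failure case: prints "[SWAP] sda3".
printf '%s\n' "$SAMPLE_BAD" | unencrypted_mounts /boot
```

From the installation media, where the volumes are mounted under /mnt, pass /mnt/boot as the argument instead.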

Contribution guidelines

This repository uses conventional commits.
Just feel free to leave a PR and I might merge it! :D