Created
December 8, 2020 21:18
-
-
Save 3noch/82bebfb4146d7357f904a8d1697858cb to your computer and use it in GitHub Desktop.
NixOS Install Dual-Boot Windows on encrypted ZFS root
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# 1. Install Windows 10 but leave a chunk of your drive unpartitioned | |
# 2. Within Windows create a new partition for your NixOS install | |
# 3. Create an installation disk/USB for NixOS | |
# 4. Boot into NixOS graphical installer | |
# 5. Open GParted so you can make sure you've selected the right drives (ls -lah /dev/disk/by-id/... will tell you what drive the path is symlinked to) | |
# 6. Run the following! | |
TARGET_DISK="/dev/disk/by-id/nvme-Force_MP600_20468229000128554A4B-part5" | |
sudo zpool create -o ashift=12 -O acltype=posixacl -O compression=lz4 -O dnodesize=auto -O normalization=formD -O relatime=on -O xattr=sa -O mountpoint=none zroot "$TARGET_DISK" | |
sudo zfs create -o encryption=aes-256-gcm -o keyformat=passphrase -o mountpoint=none zroot/crypt | |
sudo zfs create -o mountpoint=legacy -o sync=disabled zroot/crypt/tmp | |
sudo zfs create -o mountpoint=legacy -o com.sun:auto-snapshot=true zroot/crypt/home | |
sudo zfs create -o mountpoint=legacy -o com.sun:auto-snapshot=true zroot/crypt/nixos | |
sudo mount -t zfs zroot/crypt/nixos /mnt | |
sudo mkdir /mnt/{home,tmp,boot} | |
sudo mount -t zfs zroot/crypt/home /mnt/home/ | |
sudo mount -t zfs zroot/crypt/tmp /mnt/tmp/ | |
BOOT_DISK="/dev/disk/by-id/nvme-Force_MP600_20468229000128554A4B-part1" | |
sudo mount "$BOOT_DISK" /mnt/boot | |
sudo nixos-generate-config --root /mnt | |
diff /mnt/etc/nixos/configuration.nix configuration.orig.nix | |
16,17d15 | |
< boot.supportedFilesystems = [ "zfs" ]; | |
< boot.zfs.requestEncryptionCredentials = true; | |
23c21 | |
< time.timeZone = "America/New_York"; | |
--- | |
> # time.timeZone = "Europe/Amsterdam"; | |
31d28 | |
< networking.hostId = "0229760f"; # from head -c 8 /etc/machine-id | |
47c44,45 | |
< services.xserver.desktopManager.gnome3.enable = true; | |
--- | |
> services.xserver.desktopManager.gnome3.enable = true; | |
> | |
57,58c55,56 | |
< sound.enable = true; | |
< hardware.pulseaudio.enable = true; | |
--- | |
> # sound.enable = true; | |
> # hardware.pulseaudio.enable = true; | |
64,68c62,65 | |
< users.users.elliot = { | |
< isNormalUser = true; | |
< extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. | |
< hashedPassword = "..."; # mkpasswd -m sha-512 | |
< }; | |
--- | |
> # users.users.jane = { | |
> # isNormalUser = true; | |
> # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. | |
> # }; | |
80,83c77,80 | |
< programs.gnupg.agent = { | |
< enable = true; | |
< enableSSHSupport = true; | |
< }; | |
--- | |
> # programs.gnupg.agent = { | |
> # enable = true; | |
> # enableSSHSupport = true; | |
> # }; | |
88c85 | |
< services.openssh.enable = true; | |
--- | |
> # services.openssh.enable = true; | |
sudo nixos-install |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment