Skip to content

Instantly share code, notes, and snippets.

@ChickenParmigiana

ChickenParmigiana/configuration.tmpfsroot.zfscrypt.template.nix

Forked from byrongibson/configuration.tmpfsroot.zfscrypt.template.nix
Last active August 26, 2023 17:27
Show Gist options
  • Star 3 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save ChickenParmigiana/72e5ee51bc08c07ac1bbc5ea39a90bad to your computer and use it in GitHub Desktop.
Save ChickenParmigiana/72e5ee51bc08c07ac1bbc5ea39a90bad to your computer and use it in GitHub Desktop.
Download ZIP
Raw
configuration.tmpfsroot.zfscrypt.template.nix
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
{ config, pkgs, ... }:
{
################################################################################
# System
################################################################################
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
# Default nixPath. Uncomment and modify to specify non-default nixPath
# https://search.nixos.org/options?query=nix.nixPath
#nix.nixPath =
# [
# "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos"
# "nixos-config=/persist/etc/nixos/configuration.nix"
# "/nix/var/nix/profiles/per-user/root/channels"
# ];
# Enable non-free packages (Nvidia driver, etc)
# Reboot after rebuilding to prevent possible clash with other kernel modules
nixpkgs.config = {
allowUnfree = true;
};
# Make nixos-rebuild snapshot the current configuration.nix to
# /run/current-system/configuration.nix
# With this enabled, every new system profile contains the configuration.nix
# that created it. Useful in troubleshooting broken build, just diff
# current vs prior working configurion.nix. This will only copy configuration.nix
# and no other imported files, so put all config in this file.
# Configuration.nix should have no imports besides hardware-configuration.nix.
# https://search.nixos.org/options?query=system.copySystemConfiguration
system.copySystemConfiguration = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It‘s perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.05"; # Did you read the comment?
# Select internationalisation properties.
i18n.defaultLocale = "en_CA.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
time.timeZone = "America/Toronto";
################################################################################
# Boot
################################################################################
# import /persist into initial ramdisk so that tmpfs can access persisted data like user passwords
# https://www.reddit.com/r/NixOS/comments/o1er2p/tmpfs_as_root_but_without_hardcoding_your/h22f1b9/
# https://search.nixos.org/options?channel=21.05&show=fileSystems.%3Cname%3E.neededForBoot&query=fileSystems.%3Cname%3E.neededForBoot
fileSystems."/persist".neededForBoot = true;
# Use EFI boot loader with Grub.
# https://nixos.org/manual/nixos/stable/index.html#sec-installation-partitioning-UEFI
boot = {
supportedFilesystems = [ "vfat" "zfs" ];
loader = {
systemd-boot.enable = true;
efi = {
#canTouchEfiVariables = true; # must be disabled if efiInstallAsRemovable=true
#efiSysMountPoint = "/boot/efi"; # using the default /boot for this config
};
grub = {
enable = true;
efiSupport = true;
efiInstallAsRemovable = true; # grub will use efibootmgr
zfsSupport = true;
copyKernels = true; # https://nixos.wiki/wiki/NixOS_on_ZFS
device = "nodev"; # "/dev/sdx", or "nodev" for efi only
};
};
};
################################################################################
# ZFS
################################################################################
# Set the disk’s scheduler to none. ZFS takes this step automatically
# if it controls the entire disk, but since it doesn't control the /boot
# partition we must set this explicitly.
# source: https://grahamc.com/blog/nixos-on-zfs
boot.kernelParams = [ "elevator=none" ];
boot.zfs = {
requestEncryptionCredentials = true; # enable if using ZFS encryption, ZFS will prompt for password during boot
};
services.zfs = {
autoScrub.enable = true;
autoSnapshot.enable = true;
# TODO: autoReplication
};
################################################################################
# Networking
################################################################################
networking = {
#hostId = "$(head -c 8 /etc/machine-id)"; # required by zfs. hardware-specific so should be set in hardware-configuration.nix
hostName = "z11pa-d8"; # Any arbitrary hostname.
# wireless.enable = true; # Wireless via wpa_supplicant. Unecessary with Gnome.
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
# useDHCP = false;
# interfaces = {
# eno1.useDHCP = true;
# eno2.useDHCP = true;
# eno3.useDHCP = true;
# eno4.useDHCP = true;
# wlp175s0.useDHCP = true;
# };
};
################################################################################
# Persisted Artifacts
################################################################################
#Erase Your Darlings & Tmpfs as Root:
# config/secrets/etc to be persisted across tmpfs reboots and rebuilds. setup
# soft-links from /persist/<loc on root> to their expected location on /<loc on root>
# https://github.com/barrucadu/nixfiles/blob/master/hosts/nyarlathotep/configuration.nix
# https://grahamc.com/blog/erase-your-darlings
# https://elis.nu/blog/2020/05/nixos-tmpfs-as-root/
environment.etc = {
# /etc/nixos: requires /persist/etc/nixos
"nixos".source = "/persist/etc/nixos";
#NetworkManager/system-connections: requires /persist/etc/NetworkManager/system-connections
"NetworkManager/system-connections".source = "/persist/etc/NetworkManager/system-connections/";
# machine-id is used by systemd for the journal, if you don't persist this
# file you won't be able to easily use journalctl to look at journals for
# previous boots.
"machine-id".source = "/persist/etc/machine-id";
# if you want to run an openssh daemon, you may want to store the host keys
# across reboots.
"ssh/ssh_host_rsa_key".source = "/persist/etc/ssh/ssh_host_rsa_key";
"ssh/ssh_host_rsa_key.pub".source = "/persist/etc/ssh/ssh_host_rsa_key.pub";
"ssh/ssh_host_ed25519_key".source = "/persist/etc/ssh/ssh_host_ed25519_key";
"ssh/ssh_host_ed25519_key.pub".source = "/persist/etc/ssh/ssh_host_ed25519_key.pub";
};
#2. Wireguard: requires /persist/etc/wireguard/
networking.wireguard.interfaces.wg0 = {
generatePrivateKeyFile = true;
privateKeyFile = "/persist/etc/wireguard/wg0";
};
#3. Bluetooth: requires /persist/var/lib/bluetooth
#4. ACME certificates: requires /persist/var/lib/acme
systemd.tmpfiles.rules = [
"L /var/lib/bluetooth - - - - /persist/var/lib/bluetooth"
"L /var/lib/bluetooth - - - - /persist/var/lib/bluetooth"
"L /var/lib/acme - - - - /persist/var/lib/acme"
];
################################################################################
# GnuPG & SSH
################################################################################
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
permitRootLogin = "no";
passwordAuthentication = true;
hostKeys =
[
{
path = "/persist/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
{
path = "/persist/etc/ssh/ssh_host_rsa_key";
type = "rsa";
bits = 4096;
}
];
};
# Enable GnuPG Agent
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
################################################################################
# XServer & Drivers
################################################################################
hardware.opengl = {
driSupport = true; # install and enable Vulkan: https://nixos.org/manual/nixos/unstable/index.html#sec-gpu-accel
#extraPackages = [ vaapiIntel libvdpau-va-gl vaapiVdpau intel-ocl ]; # only if using Intel graphics
};
{ pkgs, ... }:
let
nvidia-offload = pkgs.writeShellScriptBin "nvidia-offload" ''
export __NV_PRIME_RENDER_OFFLOAD=1
export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0
export __GLX_VENDOR_LIBRARY_NAME=nvidia
export __VK_LAYER_NV_optimus=NVIDIA_only
exec -a "$0" "$@"
'';
in
{
environment.systemPackages = [ nvidia-offload ];
hardware.nvidia.prime = {
offload.enable = true;
# Bus ID of the Intel GPU. You can find it using lspci, either under 3D or VGA
intelBusId = "PCI:0:2:0";
# Bus ID of the NVIDIA GPU. You can find it using lspci, either under 3D or VGA
nvidiaBusId = "PCI:1:0:0";
# Enable X11 + Nvidia
# https://nixos.org/manual/nixos/unstable/index.html#sec-gnome-gdm
services.xserver = {
enable = true; # enable X11
layout = "us";
xkbOptions = "ctrl:nocaps,altwin:menu,compose:ralt,eurosign:e";
#videoDrivers = [ "nvidia" ]; # seems unecessary if nixpkgs.config.allowUnfree=true (above in System section);
};
services.xserver.videoDrivers = [ "modesetting" "nvidia" ];
################################################################################
# Window Managers & Desktop Environment
################################################################################
# Enable gdm + GNOME
services.xserver = {
desktopManager.gnome.enable = true;
displayManager.lightdm.enable = true;
};
services.gnome.core-developer-tools.enable = true;
################################################################################
# Print
################################################################################
# Enable CUPS to print documents.
services.printing.enable = true;
################################################################################
# Sound
################################################################################
# Enable sound.
sound.enable = true;
hardware.pulseaudio.enable = true;
################################################################################
# Input
################################################################################
# Enable touchpad support (enabled by default in most desktopManagers).
# services.xserver.libinput.enable = true;
################################################################################
# Users
################################################################################
# When using a password file via users.users.<name>.passwordFile, put the
# passwordFile in the specified location *before* rebooting, or you will be
# locked out of the system. To create this file, make a single file with only
# a password hash in it, compatible with `chpasswd -e`. Or you can copy-paste
# your password hash from `/etc/shadow` if you first built the system with
# `password=`, `hashedPassword=`, initialPassword-, or initialHashedPassword=.
# `sudo cat /etc/shadow` will show all hashed user passwords.
# More info: https://search.nixos.org/options?channel=21.05&show=users.users.%3Cname%3E.passwordFile&query=users.users.%3Cname%3E.passwordFile
users = {
mutableUsers = false;
defaultUserShell = "/var/run/current-system/sw/bin/zsh";
users = {
root = {
# disable root login here, and also when installing nix by running nixos-install --no-root-passwd
# https://discourse.nixos.org/t/how-to-disable-root-user-account-in-configuration-nix/13235/3
hashedPassword = "!"; # disable root logins, nothing hashes to !
};
oxygen = {
isNormalUser = true;
description = "Non-sudo account for testing new config options that could break login. If need sudo for testing, add 'wheel' to extraGroups and rebuild.";
initialPassword = "password";
#passwordFile = "/persist/etc/users/test";
extraGroups = [ "networkmanager" ];
#openssh.authorizedKeys.keys = [ "${AUTHORIZED_SSH_KEY}" ];
};
nitrogen = {
isNormalUser = true;
description = "Main Driver";
passwordFile = "/persist/etc/users/nitrogen";
extraGroups = [ "wheel" "networkmanager" ];
#openssh.authorizedKeys.keys = [ "${AUTHORIZED_SSH_KEY}" ];
};
};
};
################################################################################
# Applications
################################################################################
# List packages installed in system profile. To search, run:
# $ nix search <packagename>
environment.systemPackages = with pkgs; [
# system core (useful for a minimal first install)
nix-index
efibootmgr
parted gparted gptfdisk
pciutils uutils-coreutils wget
openssh ssh-copy-id ssh-import-id fail2ban sshguard
git git-extras
zsh oh-my-zsh
firefox irssi
tmux
vim emacs
htop ncdu
julia-stable octaveFull
pdfgrep pdfmod pdfarranger zathura
joplin
rsync syncthing zsync
wireguard-tools tailscale
];
################################################################################
# Program Config
################################################################################
programs.zsh = {
enable = true;
ohMyZsh = {
enable = true;
plugins = [ "colored-man-pages" "colorize" "command-not-found" "emacs" "git" "git-extras" "history" "man" "rsync" "safe-paste" "scd" "screen" "systemd" "tmux" "urltools" "vi-mode" "z" "zsh-interactive-cd" ];
theme = "juanghurtado";
#theme = "jonathan";
# themes displaying commit hash: jonathan juanghurtado peepcode simonoff smt sunrise sunaku theunraveler
# cool themes: linuxonly agnoster blinks crcandy crunch essembeh flazz frisk gozilla itchy gallois eastwood dst clean bureau bira avit nanotech nicoulaj rkj-repos ys darkblood fox
};
};
# ACME certificates: https://nixos.org/manual/nixos/unstable/index.html#module-security-acme
security.acme = {
acceptTerms = true;
email = "nitrogen@gmail.com";
};
}
Raw
hardware-configuration.tmpfsroot.zfscrypt.template.nix
# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
# defaults
imports =
[ (modulesPath + "/hardware/network/broadcom-43xx.nix")
(modulesPath + "/installer/scan/not-detected.nix")
];
# defaults
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
# https://elis.nu/blog/2020/05/nixos-tmpfs-as-root/#step-4-1-configure-disks
# need permissions set to 755 or some software like openssh will complain.
# Tmpfs size can be whatever you want it to be, based on your available RAM.
# A fresh install of NixOS + Gnome4 uses just over 200MB in Tmpfs, so
# size=512M is sufficient, or 1GB or 2GB if you may need more headroom.
fileSystems."/" =
{ device = "tmpfs";
fsType = "tmpfs";
options = [ "defaults" "size=2G" "mode=755" ];
};
fileSystems."/nix" =
{ device = "rpool/local/nix";
fsType = "zfs";
};
fileSystems."/home" =
{ device = "rpool/safe/home";
fsType = "zfs";
};
fileSystems."/persist" =
{ device = "rpool/safe/persist";
fsType = "zfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/B5A3-648C";
fsType = "vfat";
};
# I avoid swap files these days if at all possible. Partly to avoid the wear
# on my SSDs, partly b/c RAM is cheap enough to not need it, and partly b/c
# it's not a good idea to put swap on ZFS. If you must have swap, put
# it on a separate non-ZFS partition. More info here:
# https://nixos.wiki/wiki/NixOS_on_ZFS#Caveats
swapDevices = [ ];
# default
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
# The NixOS docs put these properties in configuration.nix, but I prefer to
# put all machine-specific properties in hardware-configuration.nix instead,
# to keep configuration.nix maximally portable across different machines.
networking.hostId = "6b36ccc6";
boot.zfs.devNodes = "/dev/disk/by-id/ata-WDC_WDS100T2B0B-00YS70_1831C1810345-part2";
# Note - since this file can potentially be overwritten by future invocations,
# keep a master copy somewhere safe. Always work on the master, then copy it
# to /etc/nixos/hardware-configuration.nix when ready to rebuild. Same with
# configuration.nix.
}
Raw
nixos-genconfig-with-tmpfsroot-zfscrypt.sh
#!/usr/bin/env bash
# A NixOS partition scheme with UEFI boot, root on tmpfs, everything else
# on encrypted ZFS datasets, and no swap.
# This script wipes and formats the selected disk, and creates the following:
# 1. 1GB FAT32 UEFI boot partition (each Nix generation consumes about 20MB on
# /boot, so size this based on how many generations you want to store)
# 2. Encrypted ZFS pool comprising all remaining disk space - rpool
# 3. Tmpfs root - /
# 4. ZFS datasets - rpool/local/nix, rpool/safe/[home,persist], rpool/reserved
# 5. mounts all of the above (except rpool/reserved which should never be mounted)
# 6. generates hardware-configuration.nix customized to this machine and tmpfs
# 7. generates a generic default configuration.nix replace-able with a custom one
#
# https://www.reddit.com/r/NixOS/comments/o1er2p/tmpfs_as_root_but_without_hardcoding_your/
# https://www.reddit.com/r/NixOS/comments/g9wks6/root_on_tmpfs/
# https://grahamc.com/blog/nixos-on-zfs
# https://grahamc.com/blog/erase-your-darlings
# https://elis.nu/blog/2020/05/nixos-tmpfs-as-root/
# https://elis.nu/blog/2020/06/nixos-tmpfs-as-home/
#
# Disk Partitions:
# sda
# ├─sda1 /boot EFI BOOT
# └─sda2 rpool ZFS POOL
#
# Mount Layout:
# / tmpfs
# ├─/boot /dev/sda1
# ├─/nix rpool/local/nix
# ├─/home rpool/safe/home
# └─/persist rpool/safe/persist
#useful commands
# mount -l | grep sda
# findmnt | grep zfs
# lsblk
# ncdu -x /
# zpool list
# zfs list -o name,mounted,mountpoint
# zfs mount (only usable with non-legacy datasets)
# zfs unmount -a (unmount everything, only usable with non-legacy datasets)
# umount -R /mnt (unmount everything in /mnt recursively, required for legacy zfs datasets)
# zpool export $POOL (disconnects the pool)
# zpool remove $POOL sda1 (removes the disk from your zpool)
# zpool destroy $POOL (this destroys the pool and it's gone and rather difficult to retrieve)
# Some ZFS properties cannot be changed after the pool and/or datasets are created. Some discussion on this:
# https://www.reddit.com/r/zfs/comments/nsc235/what_are_all_the_properties_that_cant_be_modified/
# `ashift` is one of these properties, but is easy to determine. Use the following commands:
# disk logical blocksize: `$ sudo blockdev --getbsz /dev/sdX` (ashift)
# disk physical blocksize: `$ sudo blockdev --getpbsz /dev/sdX` (not ashift but interesting)
#set -euo pipefail
set -e
pprint () {
local cyan="\e[96m"
local default="\e[39m"
# ISO8601 timestamp + ms
local timestamp
timestamp=$(date +%FT%T.%3NZ)
echo -e "${cyan}${timestamp} $1${default}" 1>&2
}
# Select DISK to format and install to
echo # move to a new line
pprint "> Select installation disk: "
select ENTRY in $(ls /dev/disk/by-id/);
do
DISK="/dev/disk/by-id/$ENTRY"
echo "Installing system on $ENTRY."
break
done
# Set ZFS pool name
read -p "> Name your ZFS pool: " POOL
read -p "> You entered '$POOL'. Is this correct? (Y/N): " confirm && [[ $confirm == [yY] || $confirm == [yY][eE][sS] ]] || exit 1
# Confirm wipe hdd
read -p "> Do you want to wipe all data on $ENTRY ?" -n 1 -r
echo # move to a new line
if [[ "$REPLY" =~ ^[Yy]$ ]]
then
# Clear disk (sometimes need to run wipefs twice when deleting ZFS pools)
# May also need to `umount -R /mnt`
pprint "Wiping $DISK. If errors occur, make sure all $DISK partitions are umounted and ZFS Pools are exported and/or destroyed."
pprint "To do so, run 'findmnt' to see all current mounts, umount /dev/sdX to unmount, and zpool export <poolname>."
wipefs -af "$DISK"
sleep 1
wipefs -af "$DISK"
sgdisk -Zo "$DISK"
fi
# if you're new to sgdisk, see these guides by its developer:
# https://www.rodsbooks.com/gdisk/
# https://www.rodsbooks.com/gdisk/walkthrough.html
pprint "Creating boot (EFI) partition ..."
sgdisk -n 0:0:+954M -t 0:EF00 -c 0:efiboot $DISK
BOOT="$DISK-part1"
pprint "Creating ZFS partition ..."
sgdisk -n 0:0:0 -t 0:BF01 -c 0:zfspool $DISK
ZFS="$DISK-part2"
# Inform kernel
partprobe "$DISK"
sleep 1
pprint "Formatting BOOT partition $BOOT as FAT32 ... "
mkfs.vfat -F 32 "$BOOT"
# Inform kernel
partprobe "$DISK"
sleep 1
pprint "Creating ZFS pool on $ZFS ..."
# -f force
# -m none (mountpoint), canmount=off. ZFS datasets on this pool unmountable
# unless explicitly specified otherwise in 'zfs create'.
# Use blockdev --getbsz /dev/sdX to find correct ashift for your disk.
# acltype=posix, xattr=sa required
# atime=off and relatime=on for performance
# recordsize depends on usage, 16k for database server or similar, 1M for home media server with large files
# normalization=formD for max compatility
# secondarycache=none to disable L2ARC which is not needed
# more info on pool properties:
# https://nixos.wiki/wiki/NixOS_on_ZFS#Dataset_Properties
# https://jrs-s.net/2018/08/17/zfs-tuning-cheat-sheet/
zpool create -f -m none -R /mnt \
-o ashift=12 \
-o listsnapshots=on \
-O acltype=posix \
-O compression=lz4 \
-O encryption=on \
-O keylocation=prompt \
-O keyformat=passphrase \
-O canmount=off \
-O atime=off \
-O relatime=on \
-O recordsize=1M \
-O dnodesize=auto \
-O xattr=sa \
-O normalization=formD \
$POOL $ZFS
pprint "Creating ZFS datasets nix, opt, home, persist, reserved ..."
zfs create -p -v -o secondarycache=none -o mountpoint=legacy ${POOL}/local/nix
zfs create -p -v -o secondarycache=none -o mountpoint=legacy ${POOL}/safe/home
zfs create -p -v -o secondarycache=none -o mountpoint=legacy ${POOL}/safe/persist
# create an unused, unmounted 2GB dataset. In case the rest of the pool runs out
# of space required for ZFS operations (even deletions require disk space in a
# copy-on-write filesystem), shrink or delete this pool to free enough
# space to continue ZFS operations.
# https://nixos.wiki/wiki/NixOS_on_ZFS#Reservations
zfs create -o refreservation=2G -o primarycache=none -o secondarycache=none -o mountpoint=none ${POOL}/reserved
pprint "Enabling auto-snapshotting for rpool/safe/[home,persist] datasets ..."
zfs set com.sun:auto-snapshot=true ${POOL}/safe
pprint "Mounting Tmpfs and ZFS datasets ..."
mkdir -p /mnt
mount -t tmpfs tmpfs /mnt
mkdir -p /mnt/nix
mount -t zfs ${POOL}/local/nix /mnt/nix
mkdir -p /mnt/home
mount -t zfs ${POOL}/safe/home /mnt/home
mkdir -p /mnt/persist
mount -t zfs ${POOL}/safe/persist /mnt/persist
mkdir -p /mnt/boot
mount -t vfat "$BOOT" /mnt/boot
pprint "Making /mnt/persist/ subdirectories for persisted artifacts ..."
mkdir -p /mnt/persist/etc/ssh
mkdir -p /mnt/persist/etc/users
mkdir -p /mnt/persist/etc/nixos
mkdir -p /mnt/persist/etc/wireguard/
mkdir -p /mnt/persist/etc/NetworkManager/system-connections
mkdir -p /mnt/persist/var/lib/bluetooth
mkdir -p /mnt/persist/var/lib/acme
pprint "Generating NixOS configuration ..."
nixos-generate-config --force --root /mnt
# Specify machine-specific properties for hardware-configuration.nix
HOSTID=$(head -c8 /etc/machine-id)
HARDWARE_CONFIG=$(mktemp)
cat <<CONFIG > "$HARDWARE_CONFIG"
networking.hostId = "$HOSTID";
boot.zfs.devNodes = "$ZFS";
CONFIG
# Add extra Tmpfs config options to the / mount section in hardware-configuration.nix
# mode=755: required for some software like openssh, or will complain about permissions
# size=2G: Tmpfs size. A fresh NixOS + Gnome4 install can use 30MB - 230MB on tmpfs.
# size=512M is sufficient, or larger if you have enough RAM and want more headroom.
# backing up original to /mnt/etc/nixos/hardware-configuration.nix.original.
# https://elis.nu/blog/2020/05/nixos-tmpfs-as-root/#step-4-1-configure-disks
pprint "Adding Tmpfs options to hardware-configuration.nix ..."
sed --in-place=.original '/fsType = "tmpfs";/a\ options = [ "defaults" "size=2G" "mode=755" ];' /mnt/etc/nixos/hardware-configuration.nix
pprint "Appending machine-specific properties to hardware-configuration.nix ..."
sed -i "\$e cat $HARDWARE_CONFIG" /mnt/etc/nixos/hardware-configuration.nix
pprint "Configuration complete. To install, run 'nixos-install --no-root-passwd'."
#if install fails, try the install script below:
# ---- install script ----
!/usr/bin/env bash
# install NixOS with no root password
set -e
# If nixos-install fails, may need to prepend this nixos-build line to install script:
# https://github.com/NixOS/nixpkgs/issues/126141#issuecomment-861720372
#nix-build -v '<nixpkgs/nixos>' -A config.system.build.toplevel -I nixos-config=/mnt/etc/nixos/configuration.nix
# install NixOS with no root password. Must use `passwd` on first use to set user password.
#nixos-install -v --show-trace --no-root-passwd
# ---- /install script ----
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment