Installing NixOS on a Lenovo ThinkPad Carbon X1 Gen 9

nixos-x1.rst

Installing NixOS on a Lenovo ThinkPad Carbon X1 Gen 9

Installation media

• Downloaded nixos-21.11/latest-nixos-gnome-x86_64-linux.iso from channels.nixos.org.
• NixOS manual instructs to create the USB stick using dd (see Booting from a USB Drive)
• I created it using Fedora Media Writer instead

Boot from installation media

• Restarted the laptop from Windows 10
• Hit F1 at the Lenovo boot logo to enter the BIOS setup utility
• Clicked on Startup, then → Boot
• Dragged the USB HDD: item from the Excluded from Boot Priority Order list on the right to the bottom of the Boot Priority Order list on the left
• Clicked on Security, then → Secure Boot
• Clicked on the slider to toggle Secure Boot from On to Off
• Hit F10 to save and exit
• Hit F12 at the Lenovo boot logo to choose a temporary startup device
• Clicked on the USB HDD: item

Boot into the NixOS live environment

• Hit Enter to choose NixOS 21.11.333823.96b4157790f Installer
• Click on No Thanks to skip the GNOME 41 tour
• Hit the Windows key and typed keyb Enter to open the keyboard settings
• Click on the + sign and selected my keyboard layout and options
• Switch to the keyboard layout by clicking on en at the top panel and selecting your preferred layout
• Click on Mouse & Touchpad and Tap to Click
• Click on Wi-Fi, select by WiFi network from Visible Networks and type the WiFi password

Prepare the internal hard disk

• Hit the Windows key and typed term Enter to open a terminal

• Find the internal hard disk device name (in my case /dev/nvme0n1):

  ls /dev/disk/by-id/
  

• Partition the disk (this destroys Windows!):

  sudo -i
  parted /dev/nvme0n1 -- mklabel gpt                           # and answer "Yes"
  parted /dev/nvme0n1 -- mkpart primary 512MiB 100%
  parted /dev/nvme0n1 -- mkpart ESP fat32 1MiB 512MiB
  parted /dev/nvme0n1 -- set 2 esp on
  

• Encrypt the primary disk:

  sudo cryptsetup luksFormat /dev/nvme0n1p1  # answer YES and enter passphrase
  sudo cryptsetup luksOpen /dev/nvme0n1p1 crypted
  sudo pvcreate /dev/mapper/crypted
  sudo vgcreate vg /dev/mapper/crypted
  sudo lvcreate -L 8G -n swap vg
  sudo lvcreate -l '100%FREE' -n nixos vg
  

• Create and mount filesystems:

  mkfs.ext4 -L nixos /dev/vg/nixos
  mkswap -L swap /dev/vg/swap
  swapon /dev/vg/swap
  mkfs.fat -F 32 -n boot /dev/nvme0n1p2
  mount /dev/disk/by-label/nixos /mnt
  mkdir -p /mnt/boot
  mount /dev/nvme0n1p2 /mnt/boot
  

• Create a configuration for NixOS:

  nixos-generate-config --root /mnt
  nano /mnt/etc/nixos/configuration.nix
  

  Add or uncomment and modify the following lines, save with Ctrl-X Y Enter:

  boot.loader.efi.efiSysMountPoint = "/boot/efi";
  
  boot.loader.grub = {
    enable = true;
    version = 2;
    efiSupport = true;
    enableCryptodisk = true;
    device = "nodev";
  };
  
  boot.initrd.luks.devices = {
    crypted = {
      device = "/dev/disk/by-uuid/6d2a134f-b4cb-4b9c-b002-f3e88d2b8ca6";
      preLVM = true;
    };
  };
  
  networking.hostName = "mylaptop"; # Define your hostname.
  
  time.timeZone = "Europe/Helsinki";
  
  i18n.defaultLocale = "fi_FI.UTF-8";
  
  console = {
    font = "Lat2-Terminus16";
    keyMap = "fi";
  }
  
  services.xserver.layout = "fi";
  
  services.printing.enable = true;
  
  sound.enable = true;
  hardware.pulseaudio.enable = true;
  
  services.xserver.libinput.enable = true;
  
  users.users.myname = {
    isNormalUser = true;
    extraGroups = [ "wheel" ]; # Enable 'sudo' for the user.
  };
  
  nixpkgs.config.allowUnfree = true;
  
  environment.systemPackages = with pkgs; [
    vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
    wget
    emacs
    firefox
    git
    telnet
    terminator
  ];
  
  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };
  
  services.openssh.enable = true;
  
  networking.firefwall.enable = false;
  

• Run the installer and reboot:

  nixos-install
  # enter the new root password when requested
  reboot
  

Boot into NixOS

The laptop first boots into BIOS setup. Just save and exit (F10), remove the USB drive, and let the laptop boot into NixOS.

• Hit the Windows key and type wifi Enter
• Click on the gear icon next to your WiFi hotspot
• Click on the Security tab
• Add your password and click on Apply
• Click on Mouse & Touchpad and Tap to Click
• Hit the Windows key and type user Enter
• Click on Password, select Set the password now, type the new password for the user twice, and click on Change.
• Click on the top right status bar and select Shut down / Log out and Log out, and confirm Log out
• Click on the username and enter the new password to log in
• Click on No Thanks to skip the GNOME 41 tour
• Click on Mouse & Touchpad and Tap to Click

Put NixOS configuration in Git

• Open a terminal by hitting the Windows key and typing term Enter

• Set the Git username and e-mail:

  sudo -i
  git config --global user.name "Your name"
  git config --global user.email "12345+yourname@users.noreply.github.com"
  

• Create an SSH key:

  ssh-keygen -t ed25519 -C root@mylaptop
  # accept the file path
  # type a passphrase twice
  

• Initialize and push the Git repository:

  cd /etc/nixos
  git init
  git add .
  git commit -m "Initial commit"
  git push -u origin master
  

With version 22.x the default boot.loader.xxx needs to be disabled when adding grub

Also, I did

boot.loader.efi.efiSysMountPoint = "/boot";

Since with this setup boot is the efi partition

Thanks @jjtt. I guess it would make sense to label this recipe specific to NixOS 21.x and create another gist for 22.x.