Skip to content

Instantly share code, notes, and snippets.

@alepez

alepez/nixos-encrypted-zfs.md

Created June 21, 2021 12:57
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save alepez/ca5ef0f0b8112c64728031103d8711fc to your computer and use it in GitHub Desktop.
Save alepez/ca5ef0f0b8112c64728031103d8711fc to your computer and use it in GitHub Desktop.
Download ZIP
nixos on fully encrupted zfs
Raw
nixos-encrypted-zfs.md

NixOs neon

Partitions

DISK=/dev/disk/by-id/ata-VBOX_HARDDISK_VBf3bca3fc-20a6ea2d
parted -s ${DISK} -- mklabel gpt
parted -s ${DISK} -- mkpart primary 512MiB -8GiB
parted -s ${DISK} -- mkpart primary linux-swap -8GiB 100%
parted -s ${DISK} -- mkpart ESP fat32 1MiB 512MiB
parted -s ${DISK} -- set 3 esp on

ZFS

zpool create -O mountpoint=none -O atime=off -O acltype=posixacl -O encryption=aes-256-gcm -O keyformat=passphrase rpool $DISK-part1
zfs create -o mountpoint=legacy rpool/root
zfs create -o mountpoint=legacy rpool/nix
zfs create -o mountpoint=legacy rpool/home

Mount

mount -t zfs rpool/root /mnt
mkdir /mnt/home
mount -t zfs rpool/home /mnt/home
mkdir /mnt/nix
mount -t zfs rpool/nix /mnt/nix
mkfs.vfat $DISK-part3
mkdir /mnt/boot
mount $DISK-part3 /mnt/boot

NixOs

nixos-generate-config --root /mnt

Edit /mnt/etc/nixos/configuration.nix and add the following line:

  boot.supportedFilesystems = [ "zfs" ];

Also, make sure you set the networking.hostId option, which ZFS requires:

Generate a random 8-digit hex string:

openssl rand -hex 4
  networking.hostId = "<random 8-digit hex string>";

Complete editing of /mnt/etc/nixos/configuration.nix

Continue with installation!

nixos-install
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment